Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

access denied cannot delete files

Started by coolbox , Dec 05 2010 12:44 PM

  • This topic is locked This topic is locked

#1
coolbox
Posted 05 December 2010 - 12:44 PM

coolbox

    Member

  • Member
  • PipPip
  • 72 posts
I have two files in my downloads folder, which I cannot remove because access is denied. I tried various software from the internet but it all doesn't work. Re-starting in the safe mode does not help either. I also tried Task Manager but it could not find the offending files! Another strange thing is that I have 'Desktop' folder reappearing in my Downloads, even if I delete it. It shows a couple of non-essential shortcuts - is this a symptom of something not being right too? I checked 'security' options for the files and I am the owner. Can you help?
I'm using Windows Vista Home Edition.
  • 0

Advertisements

#2
SweetTech
Posted 06 December 2010 - 03:45 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
What are the file names of the 2 files you are trying to remove?

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c dir /a /s "%userprofile%\Downloads">"%userprofile%\desktop\look.txt"
A file called look.txt should appear on your Desktop. Please post the contents of this file.
  • 0

#3
coolbox
Posted 06 December 2010 - 05:03 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
two file names are DrJeckyll_And_His_Women and ATOMIC Nasjonaljazzscene Part1_2 . They are both .mp4 files. Excuse my ignorance but I don't have 'run' box on Vista, methinks. I only have 'search' box.
  • 0

#4
SweetTech
Posted 06 December 2010 - 05:07 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Press Windows Key + R to bring up the Run dialog box.
  • 0

#5
coolbox
Posted 06 December 2010 - 05:12 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi there. Yes Windows Key + R works but nothing arrived on my desktop.
  • 0

#6
SweetTech
Posted 06 December 2010 - 05:15 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
There isn't a file named look.txt on your desktop?
  • 0

#7
coolbox
Posted 06 December 2010 - 05:19 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
No, I can't see it but I have found it through 'search'. here is the content:

Volume in drive C has no label.
Volume Serial Number is 68CC-FA75

Directory of C:\Users\Andrew\Downloads

06/12/2010 21:34 <DIR> .
06/12/2010 21:34 <DIR> ..
04/12/2010 18:58 <DIR> .blurb
23/11/2010 20:04 2,652,884 ac3filter_1_62b.exe
23/11/2010 17:45 10,208,563 ATOMIC Nasjonaljazzscene Part1_2.mp4
05/12/2010 22:10 <DIR> Desktop
29/11/2010 20:00 282 desktop.ini
04/12/2010 23:02 1,251,974,432 DrJeckyll_And_His_Women.mp4
21/09/2010 19:17 19,901,118 Emerson, Lake _amp; Palmer - Take a Pebble [www.keepvid.com].mp4
03/10/2010 13:59 18,538,713 Mahavishnu Orchestra - Lila_.wmv
04/12/2010 16:27 <DIR> My Documents
30/11/2010 14:12 <DIR> Sherlock Holmes (2009) DVDSCR XviD-MAXSPEED
23/11/2010 21:28 293,160 SoftonicDownloader_for_ac97-audio-codec.exe
06/12/2010 20:56 1,367 Spanish-Level-I-Demo.txt
05/12/2010 22:09 4,252,440 Spotify Installer.exe
28/11/2010 21:21 <DIR> StuffIt Deluxe 12
28/11/2010 21:17 5,729 StuffIt_12_Deluxe_for_windows-serial_incl.4570459.TPB.torrent
25/11/2010 14:14 30,363,731 synfigstudio-0.62.01.exe
05/12/2010 14:09 1,125,011 Unlocker1.9.0-x64.exe
23/11/2010 20:30 4,878,219 VideoJoiner.exe
13 File(s) 1,344,195,649 bytes

Directory of C:\Users\Andrew\Downloads\.blurb

04/12/2010 18:58 <DIR> .
04/12/2010 18:58 <DIR> ..
23/11/2010 17:47 36 .guid
04/12/2010 18:58 1,875 bsc.settings
04/12/2010 18:58 12 userdic.tlx
3 File(s) 1,923 bytes

Directory of C:\Users\Andrew\Downloads\Desktop

05/12/2010 22:10 <DIR> .
05/12/2010 22:10 <DIR> ..
05/12/2010 13:00 282 desktop.ini
05/12/2010 22:10 794 Spotify.lnk
2 File(s) 1,076 bytes

Directory of C:\Users\Andrew\Downloads\My Documents

04/12/2010 16:27 <DIR> .
04/12/2010 16:27 <DIR> ..
04/12/2010 18:55 <DIR> BookSmartData
0 File(s) 0 bytes

Directory of C:\Users\Andrew\Downloads\My Documents\BookSmartData

04/12/2010 18:55 <DIR> .
04/12/2010 18:55 <DIR> ..
04/12/2010 18:58 <DIR> symphony in b-line
0 File(s) 0 bytes

Directory of C:\Users\Andrew\Downloads\My Documents\BookSmartData\symphony in b-line

04/12/2010 18:58 <DIR> .
04/12/2010 18:58 <DIR> ..
04/12/2010 18:55 <DIR> library
04/12/2010 18:55 909,493 symphony in b-line.backup
04/12/2010 18:58 539,174 symphony in b-line.book
04/12/2010 18:58 33,277 symphony in b-line.jpg
04/12/2010 18:58 2,951 symphony in b-line.settings
4 File(s) 1,484,895 bytes

Directory of C:\Users\Andrew\Downloads\My Documents\BookSmartData\symphony in b-line\library

04/12/2010 18:55 <DIR> .
04/12/2010 18:55 <DIR> ..
04/12/2010 17:03 2,575,140 05b00c47-db07-486d-81c7-425c3f7ed14b.original
04/12/2010 17:03 62,296 05b00c47-db07-486d-81c7-425c3f7ed14b.screen
04/12/2010 17:03 18,466 05b00c47-db07-486d-81c7-425c3f7ed14b.thumb
04/12/2010 17:03 187,070 05b00c47-db07-486d-81c7-425c3f7ed14b.zoom
04/12/2010 17:16 2,674,586 092b9397-539e-40fa-b15c-43e5da6f4076.original
04/12/2010 17:16 50,517 092b9397-539e-40fa-b15c-43e5da6f4076.screen
04/12/2010 17:16 17,446 092b9397-539e-40fa-b15c-43e5da6f4076.thumb
04/12/2010 17:16 142,775 092b9397-539e-40fa-b15c-43e5da6f4076.zoom
04/12/2010 17:08 2,609,161 0a2ec909-e17b-49f7-be21-dff526659301.original
04/12/2010 17:08 60,246 0a2ec909-e17b-49f7-be21-dff526659301.screen
04/12/2010 17:08 19,099 0a2ec909-e17b-49f7-be21-dff526659301.thumb
04/12/2010 17:08 175,973 0a2ec909-e17b-49f7-be21-dff526659301.zoom
04/12/2010 17:16 2,494,465 0ac6e59f-12ee-4d66-8c18-3b4bc148f616.original
04/12/2010 17:16 57,354 0ac6e59f-12ee-4d66-8c18-3b4bc148f616.screen
04/12/2010 17:16 18,253 0ac6e59f-12ee-4d66-8c18-3b4bc148f616.thumb
04/12/2010 17:17 162,853 0ac6e59f-12ee-4d66-8c18-3b4bc148f616.zoom
04/12/2010 17:28 2,402,935 0e61f34c-b8d2-4e77-8b9f-2710f49eeb91.original
04/12/2010 17:28 58,732 0e61f34c-b8d2-4e77-8b9f-2710f49eeb91.screen
04/12/2010 17:28 18,030 0e61f34c-b8d2-4e77-8b9f-2710f49eeb91.thumb
04/12/2010 17:28 174,465 0e61f34c-b8d2-4e77-8b9f-2710f49eeb91.zoom
04/12/2010 17:54 2,162,566 0f31389a-a58c-4779-800b-d1c6c53573b0.original
04/12/2010 17:56 54,351 0f31389a-a58c-4779-800b-d1c6c53573b0.screen
04/12/2010 17:55 17,315 0f31389a-a58c-4779-800b-d1c6c53573b0.thumb
04/12/2010 17:55 153,567 0f31389a-a58c-4779-800b-d1c6c53573b0.zoom
04/12/2010 17:22 2,479,822 145fe266-fd24-4c62-961b-503a30fe6728.original
04/12/2010 17:22 61,566 145fe266-fd24-4c62-961b-503a30fe6728.screen
04/12/2010 17:22 18,573 145fe266-fd24-4c62-961b-503a30fe6728.thumb
04/12/2010 17:22 175,322 145fe266-fd24-4c62-961b-503a30fe6728.zoom
04/12/2010 17:08 2,460,306 154d675e-e809-45e4-9922-8328c206cc49.original
04/12/2010 17:08 51,727 154d675e-e809-45e4-9922-8328c206cc49.screen
04/12/2010 17:08 16,407 154d675e-e809-45e4-9922-8328c206cc49.thumb
04/12/2010 17:08 148,731 154d675e-e809-45e4-9922-8328c206cc49.zoom
04/12/2010 17:54 2,201,909 1755df83-b016-4d61-b064-efaa984f7364.original
04/12/2010 17:55 52,009 1755df83-b016-4d61-b064-efaa984f7364.screen
04/12/2010 17:54 16,696 1755df83-b016-4d61-b064-efaa984f7364.thumb
04/12/2010 17:55 151,238 1755df83-b016-4d61-b064-efaa984f7364.zoom
04/12/2010 17:17 2,944,092 1874d896-67b9-4a78-8872-d784bc9da699.original
04/12/2010 17:18 98,450 1874d896-67b9-4a78-8872-d784bc9da699.screen
04/12/2010 17:17 10,666 1874d896-67b9-4a78-8872-d784bc9da699.thumb
04/12/2010 17:18 258,151 1874d896-67b9-4a78-8872-d784bc9da699.zoom
04/12/2010 17:09 3,133,179 1a70a661-9e0b-45fc-b25a-b4986465f342.original
04/12/2010 17:09 66,126 1a70a661-9e0b-45fc-b25a-b4986465f342.screen
04/12/2010 17:09 19,946 1a70a661-9e0b-45fc-b25a-b4986465f342.thumb
04/12/2010 17:09 198,717 1a70a661-9e0b-45fc-b25a-b4986465f342.zoom
04/12/2010 17:15 2,190,395 1e125eb0-5454-4f1d-89fd-0104651e4775.original
04/12/2010 17:15 45,095 1e125eb0-5454-4f1d-89fd-0104651e4775.screen
04/12/2010 17:15 14,929 1e125eb0-5454-4f1d-89fd-0104651e4775.thumb
04/12/2010 17:15 127,511 1e125eb0-5454-4f1d-89fd-0104651e4775.zoom
04/12/2010 17:25 2,529,982 20bbb0e9-9fe0-4bd6-aed6-28e8d5b91ff7.original
04/12/2010 17:25 59,962 20bbb0e9-9fe0-4bd6-aed6-28e8d5b91ff7.screen
04/12/2010 17:25 18,948 20bbb0e9-9fe0-4bd6-aed6-28e8d5b91ff7.thumb
04/12/2010 17:25 175,523 20bbb0e9-9fe0-4bd6-aed6-28e8d5b91ff7.zoom
04/12/2010 17:12 2,071,276 20c08756-df32-4cf5-91b7-5ebd861afb6b.original
04/12/2010 17:13 43,964 20c08756-df32-4cf5-91b7-5ebd861afb6b.screen
04/12/2010 17:12 14,953 20c08756-df32-4cf5-91b7-5ebd861afb6b.thumb
04/12/2010 17:13 121,556 20c08756-df32-4cf5-91b7-5ebd861afb6b.zoom
04/12/2010 17:28 2,420,699 25958f8c-6fc2-41a0-929a-262937ad8606.original
04/12/2010 17:28 59,101 25958f8c-6fc2-41a0-929a-262937ad8606.screen
04/12/2010 17:28 17,998 25958f8c-6fc2-41a0-929a-262937ad8606.thumb
04/12/2010 17:28 173,016 25958f8c-6fc2-41a0-929a-262937ad8606.zoom
04/12/2010 17:26 2,249,171 2d75ec65-2d4a-41fd-aea3-8820ac56b87d.original
04/12/2010 17:26 56,130 2d75ec65-2d4a-41fd-aea3-8820ac56b87d.screen
04/12/2010 17:26 17,376 2d75ec65-2d4a-41fd-aea3-8820ac56b87d.thumb
04/12/2010 17:26 160,553 2d75ec65-2d4a-41fd-aea3-8820ac56b87d.zoom
04/12/2010 17:15 2,313,510 30bb1900-892b-428b-9240-224df485a16e.original
04/12/2010 17:15 54,324 30bb1900-892b-428b-9240-224df485a16e.screen
04/12/2010 17:15 17,252 30bb1900-892b-428b-9240-224df485a16e.thumb
04/12/2010 17:15 153,377 30bb1900-892b-428b-9240-224df485a16e.zoom
04/12/2010 17:06 2,482,883 30ce65d1-fddc-459d-bc75-347256c9d10b.original
04/12/2010 17:06 54,348 30ce65d1-fddc-459d-bc75-347256c9d10b.screen
04/12/2010 17:06 17,440 30ce65d1-fddc-459d-bc75-347256c9d10b.thumb
04/12/2010 17:06 153,828 30ce65d1-fddc-459d-bc75-347256c9d10b.zoom
04/12/2010 17:15 2,443,473 31cc81e3-18d3-4154-93e8-1d25907814e8.original
04/12/2010 17:15 50,345 31cc81e3-18d3-4154-93e8-1d25907814e8.screen
04/12/2010 17:15 15,914 31cc81e3-18d3-4154-93e8-1d25907814e8.thumb
04/12/2010 17:15 146,484 31cc81e3-18d3-4154-93e8-1d25907814e8.zoom
04/12/2010 17:27 2,392,118 34378e02-a9f6-488f-9134-4ab63e42182f.original
04/12/2010 17:27 60,624 34378e02-a9f6-488f-9134-4ab63e42182f.screen
04/12/2010 17:27 19,003 34378e02-a9f6-488f-9134-4ab63e42182f.thumb
04/12/2010 17:27 174,010 34378e02-a9f6-488f-9134-4ab63e42182f.zoom
04/12/2010 17:02 2,494,357 36bde14c-9b51-43f6-ac26-acc2ea81af36.original
04/12/2010 17:02 55,867 36bde14c-9b51-43f6-ac26-acc2ea81af36.screen
04/12/2010 17:02 17,576 36bde14c-9b51-43f6-ac26-acc2ea81af36.thumb
04/12/2010 17:02 163,674 36bde14c-9b51-43f6-ac26-acc2ea81af36.zoom
04/12/2010 17:54 2,583,391 3727d59f-1e75-4b4c-82f4-3f597f4fbc38.original
04/12/2010 17:55 56,205 3727d59f-1e75-4b4c-82f4-3f597f4fbc38.screen
04/12/2010 17:55 18,082 3727d59f-1e75-4b4c-82f4-3f597f4fbc38.thumb
04/12/2010 17:56 162,812 3727d59f-1e75-4b4c-82f4-3f597f4fbc38.zoom
04/12/2010 18:10 2,076,863 3a8ca579-e339-40cb-8fa8-5f94fc82ae81.original
04/12/2010 18:10 30,479 3a8ca579-e339-40cb-8fa8-5f94fc82ae81.screen
04/12/2010 18:10 3,843 3a8ca579-e339-40cb-8fa8-5f94fc82ae81.thumb
04/12/2010 18:10 92,708 3a8ca579-e339-40cb-8fa8-5f94fc82ae81.zoom
04/12/2010 17:20 2,262,106 3f2dfee1-6ce4-4bf4-8d8a-3b23d7e8d564.original
04/12/2010 17:20 54,693 3f2dfee1-6ce4-4bf4-8d8a-3b23d7e8d564.screen
04/12/2010 17:20 18,182 3f2dfee1-6ce4-4bf4-8d8a-3b23d7e8d564.thumb
04/12/2010 17:20 153,426 3f2dfee1-6ce4-4bf4-8d8a-3b23d7e8d564.zoom
04/12/2010 17:59 1,694,990 3f81ec39-f1f9-41d9-b9ff-aa6bab80443a.original
04/12/2010 18:00 22,008 3f81ec39-f1f9-41d9-b9ff-aa6bab80443a.screen
04/12/2010 17:59 7,550 3f81ec39-f1f9-41d9-b9ff-aa6bab80443a.thumb
04/12/2010 18:00 71,606 3f81ec39-f1f9-41d9-b9ff-aa6bab80443a.zoom
04/12/2010 17:54 2,747,352 4049270b-58cf-42be-9991-cbfd138c3c85.original
04/12/2010 17:56 66,379 4049270b-58cf-42be-9991-cbfd138c3c85.screen
04/12/2010 17:54 20,351 4049270b-58cf-42be-9991-cbfd138c3c85.thumb
04/12/2010 17:56 193,128 4049270b-58cf-42be-9991-cbfd138c3c85.zoom
04/12/2010 17:05 2,863,660 4369e4bc-3ee5-44c5-9d3b-3cf65b226b08.original
04/12/2010 17:05 66,602 4369e4bc-3ee5-44c5-9d3b-3cf65b226b08.screen
04/12/2010 17:05 19,975 4369e4bc-3ee5-44c5-9d3b-3cf65b226b08.thumb
04/12/2010 17:05 197,822 4369e4bc-3ee5-44c5-9d3b-3cf65b226b08.zoom
04/12/2010 17:07 3,457,260 445c8480-b598-427f-8129-ff9c34910e53.original
04/12/2010 17:07 51,514 445c8480-b598-427f-8129-ff9c34910e53.screen
04/12/2010 17:07 15,633 445c8480-b598-427f-8129-ff9c34910e53.thumb
04/12/2010 17:07 157,393 445c8480-b598-427f-8129-ff9c34910e53.zoom
04/12/2010 17:18 1,815,195 456fd1c3-d4e4-4bcb-af5f-abffa0b63546.original
04/12/2010 17:18 62,635 456fd1c3-d4e4-4bcb-af5f-abffa0b63546.screen
04/12/2010 17:18 19,913 456fd1c3-d4e4-4bcb-af5f-abffa0b63546.thumb
04/12/2010 17:18 174,380 456fd1c3-d4e4-4bcb-af5f-abffa0b63546.zoom
04/12/2010 17:12 2,683,696 4667117a-bde0-446b-ac09-59a545e2e951.original
04/12/2010 17:12 62,717 4667117a-bde0-446b-ac09-59a545e2e951.screen
04/12/2010 17:12 20,390 4667117a-bde0-446b-ac09-59a545e2e951.thumb
04/12/2010 17:12 177,402 4667117a-bde0-446b-ac09-59a545e2e951.zoom
04/12/2010 17:06 3,463,484 4c7fb270-d64c-43e1-90d0-d663f0514177.original
04/12/2010 17:06 56,295 4c7fb270-d64c-43e1-90d0-d663f0514177.screen
04/12/2010 17:06 17,537 4c7fb270-d64c-43e1-90d0-d663f0514177.thumb
04/12/2010 17:06 162,567 4c7fb270-d64c-43e1-90d0-d663f0514177.zoom
04/12/2010 17:03 3,107,843 4d81729c-010d-46b0-b7de-f54329dd50b9.original
04/12/2010 17:03 68,409 4d81729c-010d-46b0-b7de-f54329dd50b9.screen
04/12/2010 17:03 21,470 4d81729c-010d-46b0-b7de-f54329dd50b9.thumb
04/12/2010 17:03 206,640 4d81729c-010d-46b0-b7de-f54329dd50b9.zoom
04/12/2010 17:15 2,280,922 55099f66-88a4-45d5-a788-b4bb6f65d7e1.original
04/12/2010 17:15 53,368 55099f66-88a4-45d5-a788-b4bb6f65d7e1.screen
04/12/2010 17:15 16,638 55099f66-88a4-45d5-a788-b4bb6f65d7e1.thumb
04/12/2010 17:15 153,910 55099f66-88a4-45d5-a788-b4bb6f65d7e1.zoom
04/12/2010 17:09 2,589,268 55da94fc-57ad-4435-bc58-338ff15abc5f.original
04/12/2010 17:09 61,390 55da94fc-57ad-4435-bc58-338ff15abc5f.screen
04/12/2010 17:09 19,319 55da94fc-57ad-4435-bc58-338ff15abc5f.thumb
04/12/2010 17:10 174,546 55da94fc-57ad-4435-bc58-338ff15abc5f.zoom
04/12/2010 17:14 2,621,176 57675543-a2a0-4356-9806-107e84a5b385.original
04/12/2010 17:14 58,182 57675543-a2a0-4356-9806-107e84a5b385.screen
04/12/2010 17:14 18,852 57675543-a2a0-4356-9806-107e84a5b385.thumb
04/12/2010 17:14 170,402 57675543-a2a0-4356-9806-107e84a5b385.zoom
04/12/2010 17:54 2,528,048 58923e3c-51b9-4dce-b6ed-90a2a8528697.original
04/12/2010 17:55 59,128 58923e3c-51b9-4dce-b6ed-90a2a8528697.screen
04/12/2010 17:55 18,543 58923e3c-51b9-4dce-b6ed-90a2a8528697.thumb
04/12/2010 17:55 174,440 58923e3c-51b9-4dce-b6ed-90a2a8528697.zoom
04/12/2010 17:54 2,290,328 58a913a8-7f50-47f0-9322-70af34b19c46.original
04/12/2010 17:55 55,222 58a913a8-7f50-47f0-9322-70af34b19c46.screen
04/12/2010 17:55 17,572 58a913a8-7f50-47f0-9322-70af34b19c46.thumb
04/12/2010 17:55 157,377 58a913a8-7f50-47f0-9322-70af34b19c46.zoom
04/12/2010 17:24 2,825,257 58e7c709-8bd9-41ce-937f-87164873a356.original
04/12/2010 17:24 58,596 58e7c709-8bd9-41ce-937f-87164873a356.screen
04/12/2010 17:24 18,150 58e7c709-8bd9-41ce-937f-87164873a356.thumb
04/12/2010 17:24 175,501 58e7c709-8bd9-41ce-937f-87164873a356.zoom
04/12/2010 17:18 1,520,100 618c7466-9839-470a-a0d6-cdbf04be4568.original
04/12/2010 17:18 49,409 618c7466-9839-470a-a0d6-cdbf04be4568.screen
04/12/2010 17:18 16,840 618c7466-9839-470a-a0d6-cdbf04be4568.thumb
04/12/2010 17:18 129,007 618c7466-9839-470a-a0d6-cdbf04be4568.zoom
04/12/2010 17:12 2,408,226 6208f32c-a3b8-48c0-ab6e-437608925a83.original
04/12/2010 17:12 63,382 6208f32c-a3b8-48c0-ab6e-437608925a83.screen
04/12/2010 17:12 19,753 6208f32c-a3b8-48c0-ab6e-437608925a83.thumb
04/12/2010 17:12 179,225 6208f32c-a3b8-48c0-ab6e-437608925a83.zoom
04/12/2010 17:11 2,265,885 639bd0df-8862-4e39-a5ab-ebe079e6e43e.original
04/12/2010 17:11 58,617 639bd0df-8862-4e39-a5ab-ebe079e6e43e.screen
04/12/2010 17:11 18,578 639bd0df-8862-4e39-a5ab-ebe079e6e43e.thumb
04/12/2010 17:11 165,332 639bd0df-8862-4e39-a5ab-ebe079e6e43e.zoom
04/12/2010 17:19 2,553,479 66adebd9-3a17-47c6-8261-a2b95ba22eeb.original
04/12/2010 17:19 55,141 66adebd9-3a17-47c6-8261-a2b95ba22eeb.screen
04/12/2010 17:19 18,289 66adebd9-3a17-47c6-8261-a2b95ba22eeb.thumb
04/12/2010 17:19 154,721 66adebd9-3a17-47c6-8261-a2b95ba22eeb.zoom
04/12/2010 17:28 2,617,535 68ed2c0d-f9c0-43da-99b6-ff0662c2a244.original
04/12/2010 17:29 62,748 68ed2c0d-f9c0-43da-99b6-ff0662c2a244.screen
04/12/2010 17:28 18,606 68ed2c0d-f9c0-43da-99b6-ff0662c2a244.thumb
04/12/2010 17:29 188,004 68ed2c0d-f9c0-43da-99b6-ff0662c2a244.zoom
04/12/2010 17:26 2,689,437 6ba23758-1862-4cf9-82bc-4b2510f06f1f.original
04/12/2010 17:26 59,386 6ba23758-1862-4cf9-82bc-4b2510f06f1f.screen
04/12/2010 17:26 18,258 6ba23758-1862-4cf9-82bc-4b2510f06f1f.thumb
04/12/2010 17:26 171,342 6ba23758-1862-4cf9-82bc-4b2510f06f1f.zoom
04/12/2010 17:10 2,268,239 705e5c93-3e4b-4ef2-af73-4aa481bb36f2.original
04/12/2010 17:11 58,461 705e5c93-3e4b-4ef2-af73-4aa481bb36f2.screen
04/12/2010 17:10 18,918 705e5c93-3e4b-4ef2-af73-4aa481bb36f2.thumb
04/12/2010 17:11 165,890 705e5c93-3e4b-4ef2-af73-4aa481bb36f2.zoom
04/12/2010 17:21 2,507,925 7888c511-c8de-4e72-b252-84d111bfe8ff.original
04/12/2010 17:21 58,559 7888c511-c8de-4e72-b252-84d111bfe8ff.screen
04/12/2010 17:21 18,813 7888c511-c8de-4e72-b252-84d111bfe8ff.thumb
04/12/2010 17:22 166,541 7888c511-c8de-4e72-b252-84d111bfe8ff.zoom
04/12/2010 17:54 2,357,025 78ae9b42-58ee-41e2-995d-e8fef1bdd948.original
04/12/2010 17:56 63,944 78ae9b42-58ee-41e2-995d-e8fef1bdd948.screen
04/12/2010 17:55 20,102 78ae9b42-58ee-41e2-995d-e8fef1bdd948.thumb
04/12/2010 17:56 181,838 78ae9b42-58ee-41e2-995d-e8fef1bdd948.zoom
04/12/2010 17:17 1,676,921 78eb3d10-ca29-40e2-b605-5d7157de239b.original
04/12/2010 17:17 57,806 78eb3d10-ca29-40e2-b605-5d7157de239b.screen
04/12/2010 17:17 18,895 78eb3d10-ca29-40e2-b605-5d7157de239b.thumb
04/12/2010 17:17 157,673 78eb3d10-ca29-40e2-b605-5d7157de239b.zoom
04/12/2010 17:54 2,362,479 7b5977f9-63b2-44cc-bb49-23437a6ec43f.original
04/12/2010 17:56 62,315 7b5977f9-63b2-44cc-bb49-23437a6ec43f.screen
04/12/2010 17:55 18,836 7b5977f9-63b2-44cc-bb49-23437a6ec43f.thumb
04/12/2010 17:55 180,234 7b5977f9-63b2-44cc-bb49-23437a6ec43f.zoom
04/12/2010 17:21 5,639,084 86008b13-557d-4e48-8320-2683476eb6f1.original
04/12/2010 17:21 123,269 86008b13-557d-4e48-8320-2683476eb6f1.screen
04/12/2010 17:21 12,343 86008b13-557d-4e48-8320-2683476eb6f1.thumb
04/12/2010 17:21 360,938 86008b13-557d-4e48-8320-2683476eb6f1.zoom
04/12/2010 17:54 2,778,954 8c685085-579d-4d7e-abcb-7138a295a744.original
04/12/2010 17:55 57,725 8c685085-579d-4d7e-abcb-7138a295a744.screen
04/12/2010 17:54 18,476 8c685085-579d-4d7e-abcb-7138a295a744.thumb
04/12/2010 17:56 163,520 8c685085-579d-4d7e-abcb-7138a295a744.zoom
04/12/2010 17:08 2,791,805 900d5136-c9bc-42a3-a3f6-d64958674dee.original
04/12/2010 17:08 58,884 900d5136-c9bc-42a3-a3f6-d64958674dee.screen
04/12/2010 17:08 17,933 900d5136-c9bc-42a3-a3f6-d64958674dee.thumb
04/12/2010 17:08 174,889 900d5136-c9bc-42a3-a3f6-d64958674dee.zoom
04/12/2010 17:27 2,393,322 95cf9dda-a1f4-4cfe-8299-1014b3a164eb.original
04/12/2010 17:27 55,086 95cf9dda-a1f4-4cfe-8299-1014b3a164eb.screen
04/12/2010 17:27 17,253 95cf9dda-a1f4-4cfe-8299-1014b3a164eb.thumb
04/12/2010 17:27 159,723 95cf9dda-a1f4-4cfe-8299-1014b3a164eb.zoom
04/12/2010 17:23 2,583,266 96606153-babd-4d8b-87fa-60d684cfc72b.original
04/12/2010 17:23 63,250 96606153-babd-4d8b-87fa-60d684cfc72b.screen
04/12/2010 17:23 19,601 96606153-babd-4d8b-87fa-60d684cfc72b.thumb
04/12/2010 17:23 186,720 96606153-babd-4d8b-87fa-60d684cfc72b.zoom
04/12/2010 17:23 2,868,626 9727fefc-1eda-45f1-ac8f-7ad90d2aaae7.original
04/12/2010 17:23 56,749 9727fefc-1eda-45f1-ac8f-7ad90d2aaae7.screen
04/12/2010 17:23 17,927 9727fefc-1eda-45f1-ac8f-7ad90d2aaae7.thumb
04/12/2010 17:23 169,179 9727fefc-1eda-45f1-ac8f-7ad90d2aaae7.zoom
04/12/2010 17:29 2,729,311 9ea25229-ac34-4481-8699-f65ef2f4bf8e.original
04/12/2010 17:29 62,657 9ea25229-ac34-4481-8699-f65ef2f4bf8e.screen
04/12/2010 17:29 19,151 9ea25229-ac34-4481-8699-f65ef2f4bf8e.thumb
04/12/2010 17:29 183,845 9ea25229-ac34-4481-8699-f65ef2f4bf8e.zoom
04/12/2010 17:18 1,495,825 9f86fe9d-0648-4f2c-bc75-e44bb782eb59.original
04/12/2010 17:18 48,516 9f86fe9d-0648-4f2c-bc75-e44bb782eb59.screen
04/12/2010 17:18 16,435 9f86fe9d-0648-4f2c-bc75-e44bb782eb59.thumb
04/12/2010 17:18 129,093 9f86fe9d-0648-4f2c-bc75-e44bb782eb59.zoom
04/12/2010 17:19 2,582,169 a07b18da-6832-46a3-954a-54b43fb28549.original
04/12/2010 17:19 52,912 a07b18da-6832-46a3-954a-54b43fb28549.screen
04/12/2010 17:19 17,714 a07b18da-6832-46a3-954a-54b43fb28549.thumb
04/12/2010 17:19 148,862 a07b18da-6832-46a3-954a-54b43fb28549.zoom
04/12/2010 17:04 2,577,510 a9b8208d-c4c1-4573-9c27-f2aa2ed44e91.original
04/12/2010 17:04 60,828 a9b8208d-c4c1-4573-9c27-f2aa2ed44e91.screen
04/12/2010 17:04 18,328 a9b8208d-c4c1-4573-9c27-f2aa2ed44e91.thumb
04/12/2010 17:04 182,346 a9b8208d-c4c1-4573-9c27-f2aa2ed44e91.zoom
04/12/2010 17:11 2,444,188 ac97d97e-c11a-4128-a170-128001dafbe5.original
04/12/2010 17:11 61,576 ac97d97e-c11a-4128-a170-128001dafbe5.screen
04/12/2010 17:11 18,937 ac97d97e-c11a-4128-a170-128001dafbe5.thumb
04/12/2010 17:12 176,927 ac97d97e-c11a-4128-a170-128001dafbe5.zoom
04/12/2010 17:29 2,145,573 af3fdd7f-0014-45d2-9ba9-d26fa81f3b79.original
04/12/2010 17:29 48,851 af3fdd7f-0014-45d2-9ba9-d26fa81f3b79.screen
04/12/2010 17:29 16,083 af3fdd7f-0014-45d2-9ba9-d26fa81f3b79.thumb
04/12/2010 17:29 135,345 af3fdd7f-0014-45d2-9ba9-d26fa81f3b79.zoom
04/12/2010 17:58 1,568,404 b029f2eb-1eef-4302-a816-3f61e34bcd9d.original
04/12/2010 17:58 31,086 b029f2eb-1eef-4302-a816-3f61e34bcd9d.screen
04/12/2010 17:58 10,873 b029f2eb-1eef-4302-a816-3f61e34bcd9d.thumb
04/12/2010 17:58 85,995 b029f2eb-1eef-4302-a816-3f61e34bcd9d.zoom
04/12/2010 17:17 1,427,290 b510ee37-4c9c-47e4-967a-5af277786f5f.original
04/12/2010 17:17 46,751 b510ee37-4c9c-47e4-967a-5af277786f5f.screen
04/12/2010 17:17 15,649 b510ee37-4c9c-47e4-967a-5af277786f5f.thumb
04/12/2010 17:17 127,790 b510ee37-4c9c-47e4-967a-5af277786f5f.zoom
04/12/2010 16:30 734 booklogo_interior.thumb.png
04/12/2010 18:37 4,979 booklogo_interior_white.screen.png
04/12/2010 16:31 728 booklogo_interior_white.thumb.png
04/12/2010 17:54 2,219,118 c2e69d54-0456-4d4b-bcaa-f2776b738664.original
04/12/2010 17:56 57,902 c2e69d54-0456-4d4b-bcaa-f2776b738664.screen
04/12/2010 17:55 18,453 c2e69d54-0456-4d4b-bcaa-f2776b738664.thumb
04/12/2010 17:56 162,610 c2e69d54-0456-4d4b-bcaa-f2776b738664.zoom
04/12/2010 17:24 2,723,558 c4ccd084-9d70-4ea0-a7e8-687496a18cc9.original
04/12/2010 17:24 60,679 c4ccd084-9d70-4ea0-a7e8-687496a18cc9.screen
04/12/2010 17:24 18,615 c4ccd084-9d70-4ea0-a7e8-687496a18cc9.thumb
04/12/2010 17:24 177,479 c4ccd084-9d70-4ea0-a7e8-687496a18cc9.zoom
04/12/2010 17:54 2,826,497 c532a828-448c-4321-b02c-7cdd0c54ee73.original
04/12/2010 17:56 67,737 c532a828-448c-4321-b02c-7cdd0c54ee73.screen
04/12/2010 17:55 21,271 c532a828-448c-4321-b02c-7cdd0c54ee73.thumb
04/12/2010 17:55 197,236 c532a828-448c-4321-b02c-7cdd0c54ee73.zoom
04/12/2010 17:05 2,501,001 c5d75e35-1f0f-4f03-a6be-091eeb99dd46.original
04/12/2010 17:05 50,949 c5d75e35-1f0f-4f03-a6be-091eeb99dd46.screen
04/12/2010 17:05 16,141 c5d75e35-1f0f-4f03-a6be-091eeb99dd46.thumb
04/12/2010 17:05 149,280 c5d75e35-1f0f-4f03-a6be-091eeb99dd46.zoom
04/12/2010 18:01 2,125,299 cd7b507c-cf96-4a05-958c-f3a6eb60c09f.original
04/12/2010 18:01 36,669 cd7b507c-cf96-4a05-958c-f3a6eb60c09f.screen
04/12/2010 18:01 12,040 cd7b507c-cf96-4a05-958c-f3a6eb60c09f.thumb
04/12/2010 18:01 113,283 cd7b507c-cf96-4a05-958c-f3a6eb60c09f.zoom
04/12/2010 17:14 2,565,618 d00a6ca6-8ecd-4a3f-a964-7a6bb48c2754.original
04/12/2010 17:14 54,023 d00a6ca6-8ecd-4a3f-a964-7a6bb48c2754.screen
04/12/2010 17:14 17,267 d00a6ca6-8ecd-4a3f-a964-7a6bb48c2754.thumb
04/12/2010 17:14 153,964 d00a6ca6-8ecd-4a3f-a964-7a6bb48c2754.zoom
04/12/2010 17:04 2,652,976 d77d4269-e770-4c14-b0d2-5d93e7e4f1c8.original
04/12/2010 17:04 62,791 d77d4269-e770-4c14-b0d2-5d93e7e4f1c8.screen
04/12/2010 17:04 18,878 d77d4269-e770-4c14-b0d2-5d93e7e4f1c8.thumb
04/12/2010 17:04 186,624 d77d4269-e770-4c14-b0d2-5d93e7e4f1c8.zoom
04/12/2010 17:20 2,459,115 e13756bd-121f-4055-b489-0a3293661f7e.original
04/12/2010 17:20 61,188 e13756bd-121f-4055-b489-0a3293661f7e.screen
04/12/2010 17:20 19,179 e13756bd-121f-4055-b489-0a3293661f7e.thumb
04/12/2010 17:20 170,574 e13756bd-121f-4055-b489-0a3293661f7e.zoom
04/12/2010 17:54 2,403,844 e38ae7ab-ff20-42dd-97f3-51ecbd44b451.original
04/12/2010 17:55 61,702 e38ae7ab-ff20-42dd-97f3-51ecbd44b451.screen
04/12/2010 17:55 19,193 e38ae7ab-ff20-42dd-97f3-51ecbd44b451.thumb
04/12/2010 17:56 176,983 e38ae7ab-ff20-42dd-97f3-51ecbd44b451.zoom
04/12/2010 17:54 2,267,642 e582af68-7b18-400a-bf25-4c8944f47eb2.original
04/12/2010 17:55 58,561 e582af68-7b18-400a-bf25-4c8944f47eb2.screen
04/12/2010 17:55 18,156 e582af68-7b18-400a-bf25-4c8944f47eb2.thumb
04/12/2010 17:55 171,191 e582af68-7b18-400a-bf25-4c8944f47eb2.zoom
04/12/2010 17:28 2,407,828 e79d3218-4b83-4057-9086-7330ab4ad763.original
04/12/2010 17:28 60,258 e79d3218-4b83-4057-9086-7330ab4ad763.screen
04/12/2010 17:28 18,608 e79d3218-4b83-4057-9086-7330ab4ad763.thumb
04/12/2010 17:28 174,876 e79d3218-4b83-4057-9086-7330ab4ad763.zoom
04/12/2010 17:54 2,429,755 e7a45166-231d-40ea-a7ce-d79ebffb729b.original
04/12/2010 17:56 63,488 e7a45166-231d-40ea-a7ce-d79ebffb729b.screen
04/12/2010 17:55 19,937 e7a45166-231d-40ea-a7ce-d79ebffb729b.thumb
04/12/2010 17:56 179,023 e7a45166-231d-40ea-a7ce-d79ebffb729b.zoom
04/12/2010 17:23 2,375,845 ea8bb712-9983-4334-ba16-413486f6455f.original
04/12/2010 17:23 53,510 ea8bb712-9983-4334-ba16-413486f6455f.screen
04/12/2010 17:23 17,546 ea8bb712-9983-4334-ba16-413486f6455f.thumb
04/12/2010 17:23 150,057 ea8bb712-9983-4334-ba16-413486f6455f.zoom
04/12/2010 18:47 20,755 ee39c8d9-a4a9-4af2-952e-2c4c39ca95e2.original
04/12/2010 18:47 3,941 ee39c8d9-a4a9-4af2-952e-2c4c39ca95e2.screen
04/12/2010 18:47 1,846 ee39c8d9-a4a9-4af2-952e-2c4c39ca95e2.thumb
04/12/2010 18:47 3,941 ee39c8d9-a4a9-4af2-952e-2c4c39ca95e2.zoom
04/12/2010 17:10 2,664,150 f173d994-b462-4157-8103-672b12d88ee2.original
04/12/2010 17:10 62,061 f173d994-b462-4157-8103-672b12d88ee2.screen
04/12/2010 17:10 19,449 f173d994-b462-4157-8103-672b12d88ee2.thumb
04/12/2010 17:10 179,027 f173d994-b462-4157-8103-672b12d88ee2.zoom
04/12/2010 17:17 2,960,249 f2a7ee62-984c-41b8-b391-44229bb8dae0.original
04/12/2010 17:17 84,217 f2a7ee62-984c-41b8-b391-44229bb8dae0.screen
04/12/2010 17:17 9,421 f2a7ee62-984c-41b8-b391-44229bb8dae0.thumb
04/12/2010 17:18 228,784 f2a7ee62-984c-41b8-b391-44229bb8dae0.zoom
04/12/2010 17:04 2,704,038 f7f18a26-9241-4062-af78-7f8eadaea223.original
04/12/2010 17:04 65,736 f7f18a26-9241-4062-af78-7f8eadaea223.screen
04/12/2010 17:04 21,240 f7f18a26-9241-4062-af78-7f8eadaea223.thumb
04/12/2010 17:04 187,849 f7f18a26-9241-4062-af78-7f8eadaea223.zoom
04/12/2010 17:05 2,205,360 f942c58c-bff9-4e81-a288-55f149630aa2.original
04/12/2010 17:05 52,100 f942c58c-bff9-4e81-a288-55f149630aa2.screen
04/12/2010 17:05 17,004 f942c58c-bff9-4e81-a288-55f149630aa2.thumb
04/12/2010 17:05 144,862 f942c58c-bff9-4e81-a288-55f149630aa2.zoom
04/12/2010 17:24 2,294,264 fa1985eb-583c-492f-a5f7-30105df73387.original
04/12/2010 17:24 53,768 fa1985eb-583c-492f-a5f7-30105df73387.screen
04/12/2010 17:24 16,393 fa1985eb-583c-492f-a5f7-30105df73387.thumb
04/12/2010 17:24 156,661 fa1985eb-583c-492f-a5f7-30105df73387.zoom
04/12/2010 17:07 2,511,364 fb7b4d35-402f-4dab-96a0-9cffcea32269.original
04/12/2010 17:07 58,811 fb7b4d35-402f-4dab-96a0-9cffcea32269.screen
04/12/2010 17:07 18,575 fb7b4d35-402f-4dab-96a0-9cffcea32269.thumb
04/12/2010 17:07 168,682 fb7b4d35-402f-4dab-96a0-9cffcea32269.zoom
04/12/2010 17:13 2,533,642 fd5af0dc-ab8d-4b7f-b336-9d97ccbf78f1.original
04/12/2010 17:13 63,497 fd5af0dc-ab8d-4b7f-b336-9d97ccbf78f1.screen
04/12/2010 17:13 19,998 fd5af0dc-ab8d-4b7f-b336-9d97ccbf78f1.thumb
04/12/2010 17:13 183,807 fd5af0dc-ab8d-4b7f-b336-9d97ccbf78f1.zoom
04/12/2010 17:29 2,486,434 ff74fd59-42e6-42b9-9806-9cbc30a6cc69.original
04/12/2010 17:29 56,873 ff74fd59-42e6-42b9-9806-9cbc30a6cc69.screen
04/12/2010 17:29 17,752 ff74fd59-42e6-42b9-9806-9cbc30a6cc69.thumb
04/12/2010 17:29 164,985 ff74fd59-42e6-42b9-9806-9cbc30a6cc69.zoom
343 File(s) 229,614,610 bytes

Directory of C:\Users\Andrew\Downloads\Sherlock Holmes (2009) DVDSCR XviD-MAXSPEED

30/11/2010 14:12 <DIR> .
30/11/2010 14:12 <DIR> ..
27/11/2010 20:25 202,522 screencaps.jpg
01/12/2010 14:52 1,461,179,956 Sherlock Holmes (2009) DVDSCR XviD-MAXSPEED www.torentz.3xforum.ro.avi
27/11/2010 20:25 2,068 Sherlock Holmes (2009) DVDSCR XviD-MAXSPEED.nfo
27/11/2010 20:25 47 Torrent downloaded from Demonoid.com.txt
27/11/2010 20:25 33 Torrent downloaded from Rarbg.com.txt
27/11/2010 20:25 46 Torrent verified and recommended by vertor.com.txt
6 File(s) 1,461,384,672 bytes

Directory of C:\Users\Andrew\Downloads\StuffIt Deluxe 12

28/11/2010 21:21 <DIR> .
28/11/2010 21:21 <DIR> ..
28/11/2010 21:20 17,091,064 StuffIt12.0.0.17en.exe
28/11/2010 21:19 919 stuffitserial.txt
2 File(s) 17,091,983 bytes

Total Files Listed:
373 File(s) 3,053,774,808 bytes
26 Dir(s) 98,573,791,232 bytes free
  • 0

#8
SweetTech
Posted 06 December 2010 - 05:27 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4
C:\Users\Andrew\Downloads\DrJeckyll_And_His_Women.mp4
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0

#9
coolbox
Posted 06 December 2010 - 05:57 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hello,

Firstly, I asked the OTM to be saved on the desktop but it has not appeared. I saved it in the Documents and run, with following result:

========== FILES ==========
File move failed. C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4 scheduled to be moved on reboot.
C:\Users\Andrew\Downloads\DrJeckyll_And_His_Women.mp4 moved successfully.

OTM by OldTimer - Version 3.1.17.2 log created on 12062010_234038

Files moved on Reboot...
C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4 moved successfully.
Registry entries deleted on Reboot...

I run it again as the administrator and got this:


Error: Unable to interpret <========== FILES ==========> in the current context!
Error: Unable to interpret <File move failed. C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4 scheduled to be moved on reboot.> in the current context!
Error: Unable to interpret <C:\Users\Andrew\Downloads\DrJeckyll_And_His_Women.mp4 moved successfully.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTM by OldTimer - Version 3.1.17.2 log created on 12062010_234038> in the current context!
Error: Unable to interpret <Files moved on Reboot...> in the current context!
Error: Unable to interpret <C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4 moved successfully.> in the current context!
Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!

OTM by OldTimer - Version 3.1.17.2 log created on 12062010_234653

Then, I realised I run the application through 'find' (it showed it twice - OMT is invisible on my desktop!). I had another go from the version saved in Documents and received this:

========== FILES ==========
File/Folder C:\Users\Andrew\Downloads\ATOMIC Nasjonaljazzscene Part1_2.mp4 not found.
File/Folder C:\Users\Andrew\Downloads\DrJeckyll_And_His_Women.mp4 not found.

OTM by OldTimer - Version 3.1.17.2 log created on 12062010_235217

I checked Downloads folder. The files have gone. What is the Desktop folder in my Downloads? I didn't create it and it keeps re-appearing. Something is playing with my computer.
  • 0

#10
SweetTech
Posted 06 December 2010 - 05:59 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Let me get a full look at your computer to see what else is going on.


Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:




OTL Custom Scan


  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Posted Image is selected.
  • Make sure you check Posted Image
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Posted Image box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Posted Image button and navigate to the file scan.txt which we just saved to your desktop.
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open up a notepad window (OTL.txt). This file will be saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the content of the OTL.txt file, and post them in your topic

  • 0

Advertisements

#11
coolbox
Posted 06 December 2010 - 06:13 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
I run Unhooker as admin but saved the report to Documents. I cannot see anything I'm downloading on the desktop.
Here are the contents, I am about to download & run TFL.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8FA06000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7221248 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82A06000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82A06000 PnpManager 3903488 bytes
0x82A06000 RAW 3903488 bytes
0x82A06000 WMIxWDM 3903488 bytes
0x92C0E000 C:\Windows\system32\drivers\RTKVHDA.sys 2146304 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9CC10000 Win32k 2109440 bytes
0x9CC10000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB8801000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101206.002\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x8AC0F000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8AA05000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x92EA9000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x90400000 C:\Windows\system32\DRIVERS\athr.sys 966656 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x93007000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x98C0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x94C30000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x8A602000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x92253000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8A92A000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x94534000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8A806000 C:\Windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS 692224 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x900E9000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A769000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x98D2F000 C:\Windows\System32\Drivers\NAV\1201000.025\SRTSP.SYS 528384 bytes (Symantec Corporation, Symantec AutoProtect)
0x80606000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8A8B9000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xB100D000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x944A1000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x94446000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101201.001\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x93122000 C:\Windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS 360448 bytes (Symantec Corporation, Network Dispatch Driver)
0x8A712000 C:\Windows\system32\drivers\NAV\1201000.025\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0x8AB76000 C:\Windows\system32\DRIVERS\yk60x86.sys 323584 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xB117E000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9CE60000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80738000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x931B4000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068F000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x80792000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x901A1000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x92E6C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x94400000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AB3B000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB1105000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AD1F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x9220D000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82DBF000 ACPI_HAL 208896 bytes
0x82DBF000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A6D0000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9231E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x905B9000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x92E1A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8AB10000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90553000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x805C5000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x94D6A000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x94CFE000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB1156000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AD6F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E6000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9317A000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x92E47000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x92387000 C:\Windows\system32\drivers\NAV\1201000.025\Ironx86.SYS 143360 bytes (Symantec Corporation, Iron Driver)
0x8ABDC000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8ADA7000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB10C5000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x923C1000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x92FCF000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB10E6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x944FF000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB107A000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x930F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x94D3F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9051B000 C:\Windows\system32\DRIVERS\rimsptsk.sys 106496 bytes (REDC, RICOH MS Driver)
0xB1097000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9058E000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB113E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9451D000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8ABC5000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x923AA000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8963000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x92350000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9310C000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xB10B0000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807E7000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x94C0E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x98D08000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xB894F000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101206.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x807D3000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x931A0000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x90535000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x94D9E000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x92374000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x923EB000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x98D1D000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB11E4000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8AD96000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92242000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9050A000 C:\Windows\system32\DRIVERS\risdptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8A702000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x945E9000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x94D5A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80782000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x904EC000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x805B5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x905A6000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x94D30000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8AD60000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070D000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8AC00000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x901DF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80729000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x904FC000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9CE50000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x92366000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x92307000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x94C23000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x901EE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x805EF000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80682000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x98CF4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x92FC3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9018A000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x90548000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x90580000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x92C00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8ADF2000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x92200000 C:\Windows\system32\drivers\NAV\1201000.025\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x905E8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8ADDE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90196000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071F000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x94D26000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8A7F6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x94D94000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9443C000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8A8AF000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x98CEA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x923E2000 C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 36864 bytes (ArcSoft, Inc., -)
0x8ADC8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x92FAC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x945E0000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8979000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x92315000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9CE30000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ADE9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x94C06000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x92FF0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x92FF8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x905F3000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8AD58000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x98D00000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x92FBC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x945F9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80404000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x92FB5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8A9F8000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x905B5000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB11F5000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8071C000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x9058B000 C:\Windows\system32\DRIVERS\SFEP.sys 12288 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
0x905FB000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9057E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9451C000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
==============================================
>Stealth
==============================================
0x00AE0000 Hidden Image-->SPMDrv.dll [ EPROCESS 0x8A59B408 ] PID: 3604, 45056 bytes
0x00390000 Hidden Image-->SPMDam.dll [ EPROCESS 0x897BD950 ] PID: 2716, 53248 bytes
0x00AD0000 Hidden Image-->SPMDam.dll [ EPROCESS 0x8A59B408 ] PID: 3604, 53248 bytes
0x10000000 Hidden Image-->VAIOUpdt.exe.mui [ EPROCESS 0x89962610 ] PID: 3932, 888832 bytes
0x00370000 Hidden Image-->SPMCommon.dll [ EPROCESS 0x897BD950 ] PID: 2716, 94208 bytes
0x00A90000 Hidden Image-->SPMCommon.dll [ EPROCESS 0x8A59B408 ] PID: 3604, 94208 bytes
  • 0

#12
SweetTech
Posted 06 December 2010 - 06:15 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Go ahead and run OTL now.
  • 0

#13
coolbox
Posted 06 December 2010 - 06:25 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Just finished with OTL. Here is the report:

OTL logfile created on: 07/12/2010 00:19:03 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = c:\Users\Andrew\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 92.02 Gb Free Space | 41.21% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 359.22 Gb Free Space | 77.15% Space Free | Partition Type: FAT32

Computer Name: VAIO | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 00:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Andrew\Desktop\OTL.exe
PRC - [2010/11/06 15:06:14 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/16 20:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/09/01 20:13:40 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/07/23 05:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/23 05:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/09 12:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2009/12/27 14:59:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/09/11 13:14:00 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/12/09 09:27:52 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2008/12/09 09:27:52 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 00:53:56 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\NSUService.exe
PRC - [2008/10/17 10:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/05 18:56:58 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMService.exe
PRC - [2008/09/05 18:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/22 00:08:02 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/04/04 04:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2008/01/31 08:37:02 | 000,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 00:13:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- c:\Users\Andrew\Desktop\OTL.exe
MOD - [2010/10/02 19:31:55 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/10/02 19:31:55 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 19:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/12/08 09:52:10 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009/11/22 00:50:13 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/10/10 22:25:14 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
MOD - [2009/10/10 22:25:09 | 003,783,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
MOD - [2009/09/25 02:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 06:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 06:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/03/22 02:36:21 | 000,043,160 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll
MOD - [2009/03/22 02:31:54 | 000,515,736 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
MOD - [2008/01/21 02:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 02:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/21 02:24:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008/01/21 02:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/09/01 20:13:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/07/23 05:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe -- (NAV)
SRV - [2010/05/23 05:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/09 12:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/05/27 16:20:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/02 00:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/12/09 09:27:52 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/06 00:53:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/10/21 18:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 18:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 18:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 10:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/05 18:56:58 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/01/31 08:37:02 | 000,157,016 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2010/11/23 02:20:07 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/09 00:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/18 00:47:33 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/17 00:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101206.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/17 00:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101206.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/07/29 03:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/29 02:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/29 02:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/13 01:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/06/27 04:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/13 10:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2010/05/27 21:20:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 21:20:10 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/13 23:13:24 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/09 12:38:28 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/10/20 14:57:20 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/17 10:50:31 | 002,149,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/07 01:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/03 00:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/22 23:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/22 00:07:56 | 002,377,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/22 00:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/28 00:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/07 00:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/28 00:07:16 | 000,310,272 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/04/22 00:20:41 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/01/25 02:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/25 02:14:16 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/01/25 02:14:12 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/25 02:14:12 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/08/29 15:50:48 | 000,039,168 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122Wdm.sys -- (Us122WdmService)
DRV - [2007/08/29 15:50:34 | 000,018,304 | ---- | M] (Frontier Design Group) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122DL.sys -- (US122DL)
DRV - [2007/08/29 15:50:02 | 000,131,968 | ---- | M] (Frontier Design Group, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\US122.sys -- (US122)
DRV - [2007/03/10 02:42:50 | 000,181,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.woofi.info


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1199681841-930051517-992224534-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1199681841-930051517-992224534-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-1199681841-930051517-992224534-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.woofi.info"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010/10/18 00:53:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\ [2010/07/03 10:28:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/05 13:03:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/05 13:03:20 | 000,000,000 | ---D | M]

[2009/05/16 00:33:24 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2009/05/16 00:33:24 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/28 00:41:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\extensions
[2010/07/01 20:57:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 22:45:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/11 22:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}-trash
[2009/06/11 21:59:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\extensions\[email protected]
[2010/07/03 12:17:36 | 000,002,465 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\20yzwem3.default\searchplugins\safesearch.xml
[2010/10/25 19:23:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 21:17:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 23:29:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 19:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/23 01:23:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/11/23 01:23:51 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/11/23 01:23:51 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/11/23 01:23:51 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/12/06 21:33:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1199681841-930051517-992224534-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-1199681841-930051517-992224534-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Andrew\Pictures\Desktop.jpg
O24 - Desktop BackupWallPaper: C:\Users\Andrew\Pictures\Desktop.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/10 22:52:22 | 000,000,000 | ---D | M] - G:\Autodesk AutoCAD 2010 -- [ FAT32 ]
O33 - MountPoints2\{27e4d202-b976-11de-aa52-001dbaeab1b7}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {17BAF705-276F-4435-8DD3-79A6524618C0} - NoIE8Tour
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A056D1D-F138-D08D-11BD-5C091C7E46A8} -
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {664455DF-0D55-20CA-22C3-A5316B6729A0} - Themes Setup
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C1F3A7F-529C-945F-3551-C40DE09D2141} - Microsoft Windows Media Player
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {A8278586-D38D-FCC7-B168-9BF3686D29D7} - Internet Explorer
ActiveX: {B4E5D9E6-8882-DB4E-B018-01B16B2D4226} -
ActiveX: {B840F7BB-471D-885E-0EAD-8BFBBFD213BD} - Yahoo! Toolbar
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE5706D2-FEB4-BBE9-9627-53BEFA132E93} - Microsoft Windows Media Player
ActiveX: {D01C6715-DDEA-4D01-A09D-704426950B11} - Yahoo! Search Settings Update
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DF49F510-1F92-4EF3-6487-B2329D718B4F} - Yahoo! Toolbar
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{79B243E3-585A-45FE-9B4A-B74E4DF3BE32} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 23:40:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/06 23:39:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Documents\OTM.exe
[2010/12/05 22:10:22 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Spotify
[2010/12/05 22:10:22 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Spotify
[2010/12/05 22:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/12/05 13:52:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/29 00:31:59 | 000,000,000 | ---D | C] -- C:\MP_ROOT
[2010/11/28 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Smith Micro
[2010/11/28 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My Archives
[2010/11/28 21:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Smith Micro
[2010/11/28 21:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010/11/25 19:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/11/25 17:49:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\RIBA docs
[2010/11/25 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Tracing
[2010/11/25 14:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/11/25 14:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/11/23 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Media Player Classic
[2010/11/23 21:37:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/11/23 20:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Video Joiner
[2010/11/23 20:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2010/11/08 23:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/11/08 23:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

========== Files - Modified Within 30 Days ==========

[2010/12/07 00:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/06 23:49:00 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/06 23:49:00 | 000,111,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/06 23:42:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/06 23:42:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 23:42:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/06 23:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/06 23:42:09 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 23:39:47 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Documents\OTM.exe
[2010/12/06 20:32:46 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010/12/05 22:10:20 | 000,000,794 | ---- | M] () -- C:\Users\Andrew\Downloads\Desktop\Spotify.lnk
[2010/12/04 16:05:34 | 000,012,154 | ---- | M] () -- C:\Users\Andrew\Documents\HTML code for group txt.docx
[2010/12/04 15:51:39 | 000,231,936 | ---- | M] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/04 08:09:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/03 20:18:02 | 000,029,184 | ---- | M] () -- C:\Users\Andrew\Documents\group related comments.doc
[2010/12/03 10:53:41 | 000,002,401 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/29 00:36:29 | 000,242,222 | ---- | M] () -- C:\Users\Andrew\Documents\in transit.vce.vmp
[2010/11/29 00:35:59 | 000,247,162 | ---- | M] () -- C:\Users\Andrew\Documents\in transit.vce
[2010/11/27 15:01:47 | 000,001,768 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Movie Maker.lnk
[2010/11/25 14:08:01 | 000,000,988 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mahjong - Shortcut.lnk
[2010/11/25 14:07:47 | 000,000,792 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\GoldWave - Shortcut.lnk
[2010/11/25 14:07:16 | 000,001,063 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskDefrag - Shortcut.lnk
[2010/11/24 17:25:17 | 000,035,350 | ---- | M] () -- C:\Users\Andrew\Documents\on-line ref.rtf
[2010/11/23 17:54:13 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/11/23 17:54:13 | 000,001,698 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk
[2010/11/22 10:50:58 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 11:47:31 | 000,000,748 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\TFC - Shortcut.lnk
[2010/11/15 01:25:49 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/08 23:04:42 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk

========== Files Created - No Company Name ==========

[2010/12/05 22:10:20 | 000,000,794 | ---- | C] () -- C:\Users\Andrew\Downloads\Desktop\Spotify.lnk
[2010/12/05 18:25:15 | 3081,801,728 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/29 00:36:29 | 000,242,222 | ---- | C] () -- C:\Users\Andrew\Documents\in transit.vce.vmp
[2010/11/29 00:35:59 | 000,247,162 | ---- | C] () -- C:\Users\Andrew\Documents\in transit.vce
[2010/11/27 15:01:47 | 000,001,768 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Movie Maker.lnk
[2010/11/25 19:43:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/25 14:08:01 | 000,000,988 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mahjong - Shortcut.lnk
[2010/11/25 14:07:47 | 000,000,792 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\GoldWave - Shortcut.lnk
[2010/11/25 14:07:16 | 000,001,063 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskDefrag - Shortcut.lnk
[2010/11/23 21:48:08 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/23 20:07:56 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2010/11/23 17:54:13 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\BookSmart.lnk
[2010/11/23 17:54:13 | 000,001,698 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk
[2010/11/22 13:07:20 | 000,002,401 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/22 10:50:58 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 11:47:31 | 000,000,748 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\TFC - Shortcut.lnk
[2010/11/08 23:05:08 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/11/08 23:04:42 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/10/15 13:56:58 | 000,001,940 | ---- | C] () -- C:\Users\Andrew\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/12 22:14:22 | 000,000,539 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/10 18:33:05 | 000,001,602 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/01/18 10:49:57 | 000,027,400 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/01/04 15:24:10 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/12/11 10:24:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/09 17:42:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/05 16:32:18 | 000,025,773 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\UserTile.png
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/16 13:28:50 | 000,231,936 | ---- | C] () -- C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/14 14:02:44 | 000,002,032 | ---- | C] () -- C:\Users\Andrew\AppData\Local\d3d9caps.dat
[2008/11/27 22:09:34 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/22 18:39:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/22 18:38:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/22 18:38:29 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2010/02/12 10:41:28 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Amazon
[2009/12/08 23:48:05 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Auslogics
[2009/10/14 13:57:51 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Autodesk
[2010/12/05 00:38:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\BitTorrent
[2009/10/14 23:38:05 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Bytemobile
[2009/05/16 12:14:05 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Canon
[2009/07/27 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/25 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DNA
[2010/10/18 10:36:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DriverCure
[2010/06/20 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Facebook
[2009/05/16 00:33:12 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Flickr
[2010/03/29 15:26:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Graphisoft
[2009/06/13 11:09:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\InterVideo
[2010/10/20 10:27:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Notepad++
[2010/07/15 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\OpenDNS Updater
[2010/10/18 10:36:46 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ParetoLogic
[2009/11/05 16:32:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\PeerNetworking
[2010/10/03 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Publish Providers
[2010/08/12 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Research In Motion
[2009/05/20 16:41:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\River Past G5
[2010/01/10 14:48:39 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Sammsoft
[2009/05/14 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ScanSoft
[2009/12/28 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Sony
[2010/12/05 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Spotify
[2010/01/27 23:37:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Tific
[2009/10/11 16:13:59 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Vodafone
[2010/12/06 23:41:06 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/06 20:32:46 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#14
SweetTech
Posted 06 December 2010 - 06:30 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrew\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1199681841-930051517-992224534-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\{27e4d202-b976-11de-aa52-001dbaeab1b7}\Shell - "" = AutoRun
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



How are things running?
  • 0

#15
coolbox
Posted 06 December 2010 - 06:30 PM

coolbox

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
P.S. I forgot to write this as another symptom. My Firefox acts strange. When I open it up, something called wofi.net (I think) is heading the google site (my usual homepage), instead of google.co.uk. Other browsers are healthy.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP