
Thread: PC locks up after login

  1. #1
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    PC locks up after login

    Hi again. I've been asked to look at a desktop that appears to have a virus. After login the system seems to jam up, the mouse cursor is very jerky for a time before stopping entirely. There's little disk activity.

    System boots fine in safe mode, also runs Knoppix ok. Memtest run overnight, no errors.

  2. #2
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:03:25, on 19/07/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    K:\Windows\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Barclays Business Manager] C:\Program Files\Barclays\Business Manager\bin\BarclaysBusinessManager.exe /server
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
    O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1204716880890
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7447 bytes

  3. #3
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.951

    Re: PC locks up after login

    Hello again srowe,

    One default setting that probably isn't malware, but other than that, no malware showing here. You do have that Logitech Desktop Messenger installed, which runs every startup and all the time, monitors system activities and sends reports back to Logitech. So considered spyware. It can be deleted through Add/Remove Programs without issues.

    Let's get a more detailed look.

    To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

    ------------------

    Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

    -----------

    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    -----------

    Download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Decline a download of avast itself if offered
    • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    A lot, but comprehensive, and will make sure we get a good view of everything.
    Live the day!

    Jintan - The brand where everything is right!

  4. #4
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    LDM removed, OTL logs follow.

  5. #5
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    OTL logfile created on: 20/07/2011 18:39:56 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = K:\Windows
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.18% Memory free
    3.85 Gb Paging File | 3.78 Gb Available in Paging File | 98.13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 91.74 Gb Free Space | 75.16% Space Free | Partition Type: NTFS
    Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 176.02 Gb Total Space | 142.46 Gb Free Space | 80.93% Space Free | Partition Type: NTFS
    Drive K: | 14.90 Gb Total Space | 7.39 Gb Free Space | 49.61% Space Free | Partition Type: FAT32

    Computer Name: ROS-31103EB0DDC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/20 07:38:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- K:\Windows\OTL.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/20 07:38:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- K:\Windows\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/08/21 15:52:48 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Disabled | Stopped] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2006/10/16 22:13:28 | 000,230,944 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2005/03/31 03:02:40 | 000,377,856 | ---- | M] (XIMETA, Inc.) [Auto | Stopped] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/01/22 09:25:26 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/03/28 10:09:30 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2008/03/28 10:09:30 | 000,039,264 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2008/03/28 10:09:25 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/10/16 11:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
    DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2006/08/12 04:28:58 | 000,798,464 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
    DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2005/03/31 03:03:12 | 000,120,704 | ---- | M] (XIMETA, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt)
    DRV - [2005/03/31 03:02:20 | 000,109,184 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx)
    DRV - [2005/03/31 03:02:20 | 000,091,392 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
    DRV - [2005/03/31 03:02:20 | 000,039,168 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
    DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1202660629-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/02 13:03:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 23:19:28 | 000,000,000 | ---D | M]

    [2011/07/18 21:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/06/02 13:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2008/12/18 12:14:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/09/02 22:25:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/06/28 10:53:49 | 000,437,844 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15075 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Alcmtr] File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Barclays Business Manager] C:\Program Files\Barclays\Business Manager\bin\BarclaysBusinessManager.exe ( )
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [CmPCIaudio] File not found
    O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-1202660629-746137067-839522115-500..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe (Palo Alto Software)
    O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Ros\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
    O4 - Startup: C:\Documents and Settings\Ros\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1202660629-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1204716880890 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/05 11:56:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/05/06 13:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007/10/23 08:45:39 | 001,336,632 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/18 21:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2011/07/18 21:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
    [2011/07/18 21:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2011/07/18 21:29:12 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/18 21:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2011/07/18 21:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2011/07/18 21:02:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/07/18 20:41:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2011/06/29 23:19:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/20 18:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/20 18:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/18 22:12:09 | 000,000,223 | RHS- | M] () -- C:\boot.ini
    [2011/07/18 21:47:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2011/07/18 21:47:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2011/07/18 21:29:12 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/07/14 15:57:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2011/07/14 15:57:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2011/07/14 09:48:12 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/13 23:52:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/13 23:51:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2011/07/13 23:51:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2011/07/13 22:04:22 | 000,001,268 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
    [2011/07/12 16:31:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2011/07/12 16:31:33 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2011/07/11 23:18:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2011/07/11 23:18:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2011/07/08 23:13:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2011/07/08 23:13:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2011/07/07 22:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2011/07/07 22:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2011/07/07 09:46:59 | 000,441,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/07 09:46:58 | 000,071,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/05 15:38:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2011/07/05 15:38:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2011/07/04 22:39:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2011/07/04 22:39:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2011/07/04 15:31:52 | 000,001,914 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/07/03 23:13:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2011/07/03 23:13:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2011/07/01 18:01:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2011/07/01 18:01:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2011/06/30 23:06:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/06/30 23:06:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/06/29 23:19:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2011/06/29 23:19:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2011/06/29 23:19:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/06/28 23:30:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2011/06/28 23:30:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011/06/28 10:53:49 | 000,437,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/06/27 23:27:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2011/06/27 23:27:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2011/06/27 21:53:08 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/24 20:25:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2011/06/24 20:25:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2011/06/23 22:56:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2011/06/23 22:56:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2011/06/22 22:50:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2011/06/22 22:50:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2011/06/21 22:56:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2011/06/21 22:56:43 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2011/06/21 12:07:37 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
    [2011/06/20 23:38:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2011/06/20 23:38:28 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/18 22:12:31 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 8.0.lnk
    [2011/07/18 22:12:31 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
    [2011/07/18 22:12:31 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2009/07/27 15:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
    [2009/07/24 11:33:22 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
    [2009/07/24 11:33:16 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
    [2009/07/24 11:33:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
    [2009/07/24 11:33:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
    [2009/07/24 11:33:08 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
    [2009/07/24 11:33:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
    [2009/07/24 11:32:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
    [2009/07/24 11:32:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
    [2009/07/24 11:32:48 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
    [2009/07/24 11:32:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
    [2009/07/24 11:32:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
    [2009/07/24 11:32:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
    [2009/07/24 11:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
    [2009/05/13 16:07:16 | 000,000,500 | ---- | C] () -- C:\WINDOWS\P11D2009.ini
    [2009/05/13 16:06:43 | 000,001,073 | ---- | C] () -- C:\WINDOWS\PSTax2009.ini
    [2008/12/31 13:06:40 | 000,000,265 | ---- | C] () -- C:\WINDOWS\KeyAccountsV3.ini
    [2008/12/23 09:33:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
    [2008/12/23 09:33:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
    [2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
    [2008/12/01 15:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
    [2008/12/01 15:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
    [2008/12/01 15:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
    [2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
    [2008/12/01 15:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
    [2008/12/01 15:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
    [2008/12/01 15:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
    [2008/12/01 15:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
    [2008/12/01 15:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
    [2008/11/26 17:59:11 | 000,787,456 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2008/05/30 13:06:53 | 000,000,500 | ---- | C] () -- C:\WINDOWS\P11D2008.ini
    [2008/05/14 15:00:43 | 000,000,603 | ---- | C] () -- C:\WINDOWS\pstax2007.ini
    [2008/05/14 13:50:08 | 000,000,094 | ---- | C] () -- C:\WINDOWS\KeytimeDBManager.ini
    [2008/05/14 13:50:03 | 000,000,498 | ---- | C] () -- C:\WINDOWS\P11D2007.ini
    [2008/05/14 13:50:02 | 000,000,881 | ---- | C] () -- C:\WINDOWS\Keytime Payroll.ini
    [2008/05/14 13:50:00 | 000,000,330 | ---- | C] () -- C:\WINDOWS\KeyAccountsV2.ini
    [2008/05/14 13:49:59 | 000,000,715 | ---- | C] () -- C:\WINDOWS\PSCorporationTax.ini
    [2008/05/14 13:49:49 | 000,000,584 | ---- | C] () -- C:\WINDOWS\PSTax2008.ini
    [2008/05/14 12:31:41 | 000,000,534 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
    [2008/05/14 12:13:19 | 000,000,304 | ---- | C] () -- C:\WINDOWS\DPEC.INI
    [2008/05/14 12:10:20 | 000,001,914 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/04/27 16:36:19 | 000,019,904 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/04/18 13:11:55 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/03/28 10:37:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2008/03/28 10:36:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/03/23 13:05:25 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLcNL.DLL
    [2008/03/23 11:05:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/03/20 21:34:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2008/03/20 21:21:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CmiPCIUninstall.exe
    [2008/03/20 21:21:55 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.exe
    [2008/03/20 21:21:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
    [2008/03/05 19:50:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/03/05 11:58:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/03/05 11:54:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/03/05 07:53:36 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/03/05 07:53:35 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/03/05 07:53:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/03/05 07:53:35 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
    [2008/03/05 07:53:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/03/05 07:53:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/03/05 07:53:33 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/03/05 07:53:33 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/03/05 07:53:31 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/03/05 07:53:25 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/03/05 07:34:28 | 000,004,473 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/05 07:31:48 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/21 03:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/02/21 03:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/07/27 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2007/07/27 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2007/07/27 13:00:00 | 000,441,908 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2007/07/27 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2007/07/27 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2007/07/27 13:00:00 | 000,071,908 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2007/07/27 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2007/07/27 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2007/07/27 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2007/07/27 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2007/07/27 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2007/07/27 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/11/01 16:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
    [2006/11/01 16:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
    [2004/09/14 15:14:46 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
    [2004/08/10 16:29:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
    [2004/07/10 19:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
    [2004/06/09 10:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
    [2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
    [1999/10/25 10:53:58 | 000,003,975 | ---- | C] () -- C:\WINDOWS\Sage.ini
    [1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
    [1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
    [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\TMailRL.sys
    [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\TMail3FL.SYS
    [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
    [1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys

    < End of report >

  6. #6
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    OTL Extras logfile created on: 20/07/2011 18:39:56 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = K:\Windows
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.18% Memory free
    3.85 Gb Paging File | 3.78 Gb Available in Paging File | 98.13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 122.07 Gb Total Space | 91.74 Gb Free Space | 75.16% Space Free | Partition Type: NTFS
    Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 176.02 Gb Total Space | 142.46 Gb Free Space | 80.93% Space Free | Partition Type: NTFS
    Drive K: | 14.90 Gb Total Space | 7.39 Gb Free Space | 49.61% Space Free | Partition Type: FAT32

    Computer Name: ROS-31103EB0DDC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Installation\Setupx.exe" = D:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
    "C:\WINDOWS\LMI8E.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI8E.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{03EE0588-F88D-47A8-B522-290DAA62F824}" = MindLeaders Courses
    "{047E5F60-5357-43FB-A080-1912EB0132A4}" = FlashMenu
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D6B082B-3441-45C4-B4AB-FCDB1FEA98D7}" = Business Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
    "{2DBCB438-B761-4CB0-9798-4090945F38A1}" = Keytime Accountant Suite Update
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3149E7AA-26E9-4BDE-BA68-F8B00975CE31}" = Keytime Accountant Suite Update
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{390DAE99-69F1-4AC5-A837-26AA8D0E7FD4}" = Keytime Accountants Suite
    "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
    "{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser
    "{4CF7A0FC-2107-4333-8A57-5A9485658612}" = Keytime Accountant Suite Update
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Accounts
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77213A6F-0DD6-4A78-A324-0C3506D843ED}" = EASEUS Partition Manager 1.6.2
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = SageAcc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0B4A83E-59A5-42F6-8F2A-53878982098F}" = Keytime Suite 2011 Update
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D5B6910D-FAAB-484D-BC56-329E270535F8}" = Palo Alto Software's Application Manager 8.1
    "{D9A34304-A7E3-4FDE-ADDA-B7DFD264080A}" = Freecom Network Drive Software 3.10.1229
    "{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E5035ABF-30A6-481E-A7AC-FCE382DB2F3E}" = Marketing Plan Pro 7.0 (UK)
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F665F420-1F89-4A1D-9102-3CD28D41F333}" = Keytime Suite 2011
    "{FCE36321-4CCB-4002-9EEF-382ADC9E8D92}" = Keytime Accountant Suite Update
    "{FFB5CF41-4E42-4F1D-BA90-B690563AE333}" = Keytime Accountant Suite Update
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AIDA32_is1" = AIDA32 v3.93
    "Apache Web Server" = Apache Web Server
    "avast" = avast! Free Antivirus
    "C-Media PCI Audio Driver" = C-Media WDM Audio Driver
    "C-Media PCI Sound" = C-Media PCI Audio
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "InstallShield_{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Sage 50 Accounts 2010
    "InstallShield_{9B4F367E-94AD-40A4-8060-460CE4A98C45}" = Sage Accounts V11.00
    "Karen's Replicator" = Karen's Replicator
    "Keytime Accountants Suite Update" = Keytime Accountants Suite Update
    "Keytime Accountants Suite v2008" = Keytime Accountants Suite v2008
    "Keytime Accountants Suite v2009" = Keytime Accountants Suite v2009
    "Keytime Objective Suite Update" = Keytime Objective Suite Update
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PCFriendly" = PCFriendly
    "PCI Audio Driver" = PCI Audio Driver
    "Picasa 3" = Picasa 3
    "Sage MIS 3.01" = Sage MIS 3.01
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2007
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 02/10/2008 10:57:41 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 02/10/2008 10:58:23 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 02/10/2008 10:59:17 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 26/11/2008 13:46:43 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 01/12/2008 09:17:34 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 03/12/2008 07:46:38 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 19/03/2009 11:25:42 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 19/03/2009 11:26:45 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 17/04/2009 10:07:52 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    Error - 10/03/2010 12:54:08 | Computer Name = ROS-31103EB0DDC | Source = avast! | ID = 33554522
    Description =

    [ System Events ]
    Error - 20/07/2011 13:37:40 | Computer Name = ROS-31103EB0DDC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 20/07/2011 13:37:45 | Computer Name = ROS-31103EB0DDC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 20/07/2011 13:38:06 | Computer Name = ROS-31103EB0DDC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 20/07/2011 13:38:17 | Computer Name = ROS-31103EB0DDC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service wuauserv with
    arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error - 20/07/2011 13:38:46 | Computer Name = ROS-31103EB0DDC | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 20/07/2011 13:38:46 | Computer Name = ROS-31103EB0DDC | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 20/07/2011 13:38:46 | Computer Name = ROS-31103EB0DDC | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 20/07/2011 13:38:46 | Computer Name = ROS-31103EB0DDC | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 20/07/2011 13:38:46 | Computer Name = ROS-31103EB0DDC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips IPSec lfsfilt MRxSmb NetBIOS NetBT RasAcd
    Rdbss
    Tcpip

    Error - 20/07/2011 13:39:14 | Computer Name = ROS-31103EB0DDC | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >

  7. #7
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-20 21:09:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200AAKS-00B3A0 rev.01.03A01
    Running: xu7neggy.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwryaaow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    ---- EOF - GMER 1.0.15 ----

  8. #8
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-20 21:10:43
    -----------------------------
    21:10:43.703 OS Version: Windows 5.1.2600 Service Pack 3
    21:10:43.703 Number of processors: 2 586 0x6B02
    21:10:43.703 ComputerName: ROS-31103EB0DDC UserName: Administrator
    21:10:44.359 Initialize success
    21:10:45.500 AVAST engine defs: 11071800
    21:11:03.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    21:11:03.953 Disk 0 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
    21:11:03.968 Disk 0 MBR read successfully
    21:11:03.968 Disk 0 MBR scan
    21:11:04.515 Disk 0 Windows XP default MBR code
    21:11:04.531 Disk 0 scanning sectors +625137345
    21:11:05.281 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:12:06.546 Service scanning
    21:12:08.671 Disk 0 trace - called modules:
    21:12:08.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    21:12:08.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c6030]
    21:12:08.718 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a79b6c8]
    21:12:08.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a72d940]
    21:12:08.718 Scan finished successfully
    21:22:57.671 Disk 0 MBR has been saved successfully to "K:\Windows\MBR.dat"
    21:22:58.515 The log file has been saved successfully to "K:\Windows\aswMBR.txt"

  9. #9
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    All of these were run in safe mode.

  10. #10
    Forum user
    Registered since
    06.09.2010
    Posts
    65

    Re: PC locks up after login

    I'm beginning to wonder if the problems I'm seeing aren't hardware. I'm seeing minor corruptions on the display. Switching to another card seems to make the system stable.
