WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Antivirus Live on XP

2 posters

descriptionAntivirus Live on XP EmptyAntivirus Live on XP17th January 2010, 2:42 pm

more_horiz
I have downloaded Malwarebytes Anti-Malware onto a memory stick from another computer, but the virus on my laptop will not let me install it or do anything else. Please help!!!!

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 5:02 pm

more_horiz
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Antivirus Live on XP DXwU4
Antivirus Live on XP VvYDg

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 5:53 pm

more_horiz
Infected laptop will not allow me to install this program. I downloaded it on another laptop and saved to memory stick but when I try to install it I get the file infected warning and installation stops.

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 6:19 pm

more_horiz
Hello.
Try this instead.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Antivirus Live on XP DXwU4
Antivirus Live on XP VvYDg

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 6:55 pm

more_horiz
put OTL on desktop via mem stick but again program killed by virus. IE keeps going to porno.com & adult.com

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 7:39 pm

more_horiz
Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Can you try running OTL in Safe Mode please.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Antivirus Live on XP DXwU4
Antivirus Live on XP VvYDg

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 8:11 pm

more_horiz
as requested
OTL Extras logfile created on: 17/01/2010 19:39:23 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\j_palmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102.11 Gb Total Space | 84.44 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive D: | 667.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 9.68 Gb Total Space | 0.60 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 0.16 Gb Free Space | 2.19% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 2744L
Current User Name: J_Palmer
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Altiris\AClient\AClntUsr.EXE" = C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service -- ()
"C:\Documents and Settings\j_palmer\Local Settings\Temp\Temporary Directory 1 for Emulator_159V0R1.31[1].zip\Bound emulator with 159V0R1.31 installed.exe" = C:\Documents and Settings\j_palmer\Local Settings\Temp\Temporary Directory 1 for Emulator_159V0R1.31[1].zip\Bound emulator with 159V0R1.31 installed.exe:*:Enabled:Palm OS®️ Emulator -- File not found
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync®️ Manager Application -- File not found
"C:\Documents and Settings\j_palmer\Desktop\Desktop Items\Bound emulator with 159V0R1.31 installed.exe" = C:\Documents and Settings\j_palmer\Desktop\Desktop Items\Bound emulator with 159V0R1.31 installed.exe:*:Enabled:Palm OS®️ Emulator -- (Palm, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Altiris\AClient\AClntUsr.EXE" = C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync®️ Manager Application -- File not found
"C:\Documents and Settings\j_palmer\Local Settings\Temp\Temporary Directory 1 for Emulator_159V0R1.31[1].zip\Bound emulator with 159V0R1.31 installed.exe" = C:\Documents and Settings\j_palmer\Local Settings\Temp\Temporary Directory 1 for Emulator_159V0R1.31[1].zip\Bound emulator with 159V0R1.31 installed.exe:*:Enabled:Palm OS®️ Emulator -- File not found
"C:\Documents and Settings\j_palmer\Desktop\Bound emulator with 159V0R1.31 installed.exe" = C:\Documents and Settings\j_palmer\Desktop\Bound emulator with 159V0R1.31 installed.exe:*:Enabled:Palm OS®️ Emulator -- File not found
"C:\Documents and Settings\j_palmer\Desktop\Desktop Items\Bound emulator with 159V0R1.31 installed.exe" = C:\Documents and Settings\j_palmer\Desktop\Desktop Items\Bound emulator with 159V0R1.31 installed.exe:*:Enabled:Palm OS®️ Emulator -- (Palm, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02892741-0201-BCB5-C2EC-1ACC90606E0A}" = Catalyst Control Center Localization Dutch
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07DEF940-7355-50C9-298F-38E8CE0EBDCA}" = Catalyst Control Center Graphics Light
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08AE3CD6-E065-37AA-D2B3-07051D45286F}" = CCC Help Russian
"{09258F12-48E7-B18E-C414-1F48C215685F}" = ccc-core-static
"{0B7BBC67-FFB4-3743-E3F8-03D1AF729B70}" = Catalyst Control Center Graphics Full New
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1293BBC6-2E1F-995B-4229-1ADA86E747D2}" = Catalyst Control Center Localization French
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
"{1EDE8D45-7214-D099-53E7-749C1997329E}" = Catalyst Control Center Localization Chinese Standard
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{272A7F68-5DB1-0929-8FBF-B458D450FE14}" = Catalyst Control Center Localization Japanese
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2FBAC41E-9400-9975-78F4-B4EFBE1FD8E2}" = Catalyst Control Center Localization German
"{3110F6EA-EE42-C9C0-A177-860D75EDE636}" = Catalyst Control Center Localization Korean
"{316F9A92-6CC2-4E18-B692-C9C9DA2A0AF6}" = CloseIdle
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{332454D8-73B0-4b4a-954C-D96089CD898A}" = Altiris Carbon Copy Solution Agent
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F92730A-794E-01FC-4EBC-766F4DCE5D67}" = CCC Help English
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{435D2D09-D775-FDA4-2610-EE044A8270E8}" = CCC Help Italian
"{47471E78-EFA2-D9A2-7D01-5B0D3931D140}" = CCC Help Hungarian
"{4A702DA1-9E48-4346-8030-26B399CCFA8C}" = Altiris Application Metering Agent
"{4DBB9521-29F6-CE3D-FFE1-ADA665A0FB38}" = Catalyst Control Center Localization Chinese Traditional
"{4E7E8E6A-15F1-4E26-9352-26AD235131E9}" = Documents To Go
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53388D9F-0B31-B16D-2591-431837C84F8B}" = Catalyst Control Center Localization Finnish
"{541BFB68-41E7-1FB7-9718-27C46ED7B754}" = Catalyst Control Center Localization Portuguese
"{572B04AD-8812-ABDD-E78D-761D413F8D53}" = Catalyst Control Center Localization Norwegian
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1E7380-BE8C-A1F8-B94F-1D79A4C28985}" = CCC Help Japanese
"{6BE58A52-CB03-E69E-FE6A-5E500C2A6D05}" = CCC Help Chinese Traditional
"{6CE339FE-4FCB-CBCC-704C-092A044FA724}" = CCC Help Chinese Standard
"{70465DF9-5077-73E9-81F8-B7955DF74130}" = CCC Help Czech
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{73B591D7-32EF-9C1A-E2A9-D119390CBEF3}" = CCC Help German
"{7669846A-8FE4-55CC-D2FD-7D8FB015450E}" = CCC Help Swedish
"{778AA054-858E-3997-AA10-F9B378AB1DEF}" = Catalyst Control Center Localization Russian
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{81242661-5588-E2AC-65FF-06CEF7527D61}" = Catalyst Control Center Localization Polish
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E9C9687-4EA2-9459-DE69-4CE1414DB265}" = Catalyst Control Center Localization Hungarian
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93A94664-6CB9-54E2-D2E2-0FC894F457CD}" = CCC Help Dutch
"{941E6A4B-0B43-0875-2024-4F1A0FCE9293}" = CCC Help Danish
"{954A78C7-BA63-4C7F-8F91-7586984982EE}" = KVS Enterprise Vault User Extensions 5.0
"{9A80B505-F97E-7813-A7DA-594CC6E20448}" = Catalyst Control Center Graphics Full Existing
"{9FB73888-C6F3-7687-DEA1-66AFAE237A7D}" = CCC Help Norwegian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB105D15-5224-890B-7B28-1A4086C09F47}" = Catalyst Control Center Localization Greek
"{AB232CC2-7F49-2F07-8979-EF16498603BF}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B84C847D-F708-EFC4-A7F4-16C0A407B0C3}" = CCC Help French
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4F9000B-677C-DBE0-8213-C47E04F098C1}" = Catalyst Control Center Core Implementation
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9EA192F-AEC6-18B1-D641-8ADF9F892260}" = CCC Help Turkish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CDB72-8323-E26C-1FCB-C5497EA451A6}" = Catalyst Control Center Localization Spanish
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2B0FD55-03C2-4B7F-A67F-C042C260371F}" = SQL Anywhere Studio 9, Documentation
"{D2D52856-B412-9CEE-C10D-BA5C6F2DDD6E}" = Catalyst Control Center Localization Danish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D3F2542C-0962-1313-CA4F-942E37889349}" = Catalyst Control Center Localization Czech
"{D97215A1-196F-E4BA-B531-4E1AF9393E69}" = ccc-utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC5437E1-6C27-E514-5DD3-CDB9E516AF16}" = Catalyst Control Center Localization Thai
"{DC8CF830-12C4-2AFF-1DB6-09A47CEBFEAB}" = Catalyst Control Center Localization Italian
"{E1201237-AE20-F128-DA8E-47859AE55889}" = CCC Help Finnish
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E574C0AC-550B-68A4-4D89-B1940C536229}" = CCC Help Polish
"{E6451EF8-8ACB-7640-2DE3-AEF23DF02BFA}" = CCC Help Thai
"{E9339644-F92D-96C5-7AB7-384818825698}" = Catalyst Control Center Localization Turkish
"{EE52FA1D-A4F9-02A5-5C4A-00B1D15CCF26}" = CCC Help Portuguese
"{EE9D54F6-EA22-6160-9C4F-45331E9104B6}" = CCC Help Greek
"{EEA1220D-9772-F11B-0110-AA5680DCEEDE}" = CCC Help Korean
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9A859AB-09BC-F1B4-83C1-F70C462AD066}" = CCC Help Spanish
"{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Altiris Carbon Copy Solution Agent " = Altiris Carbon Copy Solution Agent 6.2
"ATI Display Driver" = ATI Display Driver
"Autobahn" = Autobahn
"Baan" = Baan
"CCFP Administration 8.09_is1" = CCFP Administration 8.09
"CCFP Administration 8.11_is1" = CCFP Administration 8.11
"DistributedCrystalReports7" = Seagate Crystal Reports 7 Distributed Reports
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Connect" = PC Connect 216V0R1.17_UK
"RealPlayer 6.0" = RealPlayer
"RTX3370 Firmware update" = RTX3370 Firmware update
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SerialSolutions" = Serial Solutions Device Driver Suite
"ServiceTool_is1" = ServiceTool 4.15
"SopCast" = SopCast 2.0.4
"ST6UNST #1" = VIDEX PRODUCT BUILDER 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XN120 PCPro7.12" = XN120 PCPro
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/01/2010 15:09:19 | Computer Name = 2744L | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: The system cannot find the file specified.

Error - 17/01/2010 15:10:02 | Computer Name = 2744L | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 17/01/2010 15:14:46 | Computer Name = 2744L | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: tele19,tele19.tunstall.co.uk.%3

Error - 17/01/2010 15:20:38 | Computer Name = 2744L | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: tele19,tele19.tunstall.co.uk.%3

Error - 17/01/2010 15:26:48 | Computer Name = 2744L | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: tele19,tele19.tunstall.co.uk.%3

Error - 17/01/2010 15:32:41 | Computer Name = 2744L | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: tele19,tele19.tunstall.co.uk.%3

Error - 17/01/2010 15:34:19 | Computer Name = 2744L | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::Unregister in the ComponentManager component encountered
a catastrophic error that it could not recover from.

Error - 17/01/2010 15:34:20 | Computer Name = 2744L | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::TriggerShutdown in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 17/01/2010 15:36:42 | Computer Name = 2744L | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 17/01/2010 15:37:08 | Computer Name = 2744L | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 17/01/2010 15:07:07 | Computer Name = 2744L | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/01/2010 15:09:10 | Computer Name = 2744L | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain WHITLEY due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 17/01/2010 15:09:20 | Computer Name = 2744L | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however nȯne of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 17/01/2010 15:09:20 | Computer Name = 2744L | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however nȯne of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 17/01/2010 15:24:25 | Computer Name = 2744L | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however nȯne of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 17/01/2010 15:36:42 | Computer Name = 2744L | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain WHITLEY due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 17/01/2010 15:37:28 | Computer Name = 2744L | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/01/2010 15:37:45 | Computer Name = 2744L | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Distributed Transaction
Coordinator service which failed to start because of the following error: %%1068

Error - 17/01/2010 15:37:45 | Computer Name = 2744L | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068

Error - 17/01/2010 15:37:45 | Computer Name = 2744L | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 CCDevice Fips RsvLock SAVOnAccessControl SAVOnAccessFilter


< End of report >

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 8:13 pm

more_horiz
2nd file
OTL logfile created on: 17/01/2010 19:39:05 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\j_palmer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 102.11 Gb Total Space | 84.44 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive D: | 667.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 9.68 Gb Total Space | 0.60 Gb Free Space | 6.16% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 0.16 Gb Free Space | 2.19% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 2744L
Current User Name: J_Palmer
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 18:29:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j_palmer\Desktop\OTL.exe
PRC - [2008/09/30 15:14:24 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/07 01:30:00 | 00,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 18:29:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j_palmer\Desktop\OTL.exe
MOD - [2008/04/14 04:42:10 | 00,168,960 | ---- | M] () -- C:\WINDOWS\amiwapafiqemaqa.dll
MOD - [2007/02/26 03:49:00 | 00,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2006/05/03 22:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/14 09:39:13 | 00,172,032 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/05/28 15:52:00 | 00,080,936 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/04/02 15:25:21 | 00,266,240 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2009/04/02 15:23:38 | 00,794,624 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2008/09/30 15:14:24 | 00,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/09/19 12:46:18 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/04/14 04:42:28 | 00,117,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/14 04:42:28 | 00,004,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2008/02/27 13:20:26 | 05,349,452 | ---- | M] (Altiris, Inc.) [Auto | Stopped] -- C:\Program Files\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2008/01/31 03:09:29 | 01,277,952 | ---- | M] (Altiris, Inc.) [Auto | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2007/05/29 17:52:10 | 00,049,152 | ---- | M] (Altiris) [Auto | Stopped] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)
SRV - [2007/04/19 20:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/03/30 00:50:50 | 00,221,184 | ---- | M] (SafeBoot International) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/07 01:30:00 | 00,074,240 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/02/06 14:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/02 15:55:10 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/01/04 18:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 20:31:14 | 00,887,544 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/01 18:17:32 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/10/17 05:01:12 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/06/22 05:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/05/02 22:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2006/01/12 20:22:38 | 00,294,912 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA)
SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 14:20:47 | 00,002,401 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2009/02/27 15:27:18 | 00,038,528 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2009/02/27 15:25:39 | 00,110,848 | ---- | M] (Sophos Plc) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2008/09/30 15:17:03 | 00,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/05/08 14:02:52 | 00,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 23:09:46 | 00,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 21:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/29 17:55:50 | 00,009,216 | ---- | M] (Altiris) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\CCDevice.sys -- (CCDevice)
DRV - [2007/05/07 01:00:06 | 01,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 22:55:28 | 00,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/04/03 16:17:08 | 00,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/29 23:54:00 | 00,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/02/27 10:21:00 | 00,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2007/02/16 12:26:06 | 00,288,768 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/02/14 14:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 14:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 14:20:58 | 00,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 14:20:58 | 00,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 14:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/02/07 18:23:20 | 00,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/02/07 18:22:46 | 00,100,495 | ---- | M] (SafeBoot International) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/02/02 16:03:26 | 01,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/12 13:04:44 | 00,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/30 18:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/01 23:47:28 | 00,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/17 15:07:13 | 00,084,992 | R--- | M] (Brainboxes Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SsPort.sys -- (SsPort)
DRV - [2006/10/17 15:05:40 | 00,059,904 | R--- | M] (Brainboxes Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SsInstal.sys -- (SsInstal)
DRV - [2006/10/09 20:31:46 | 00,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 16:58:58 | 00,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/08/07 06:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/07/24 10:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/23 23:00:04 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/07/23 23:00:04 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/07/02 05:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 17:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/08/30 01:49:38 | 00,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 00,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 00,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 19:10:28 | 00,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://baan_whitley/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://baan_whitley/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://baan_whitley/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/21 15:08:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D1F17F88-E9B1-4751-8199-2C11371474DF}: C:\Documents and Settings\j_palmer\Local Settings\Application Data\{D1F17F88-E9B1-4751-8199-2C11371474DF} [2010/01/03 15:34:21 | 00,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 08:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE ()
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [brastia] C:\WINDOWS\System32\brastia.exe File not found
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CloseIdle] C:\WINDOWS\WinSysScsi.exe (Dynamic Software, Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [pjrurddr] C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss\vjagsysguard.exe (tzuk)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [sysgif32] C:\WINDOWS\Temp\~TM8C.tmp ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Yrucumene] C:\WINDOWS\amiwapafiqemaqa.DLL ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [brastia] C:\WINDOWS\System32\brastia.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [pjrurddr] C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss\vjagsysguard.exe (tzuk)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\j_palmer\Start Menu\Programs\Startup\autobahn.lnk = C:\Documents and Settings\j_palmer\Local Settings\Application Data\Autobahn\autobahn.exe ()
O4 - Startup: C:\Documents and Settings\j_palmer\Start Menu\Programs\Startup\CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\j_palmer\Start Menu\Programs\Startup\siszyd32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = msimn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = \\tele01\utility\Wallpaper\Tunstall.jpg
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: vault ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210080747362 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tunstall.co.uk
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/08 09:24:18 | 00,000,066 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/07/27 23:07:00 | 00,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 15:01:00 | 00,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\VXAutorun\autorun.exe -- [1999/04/22 22:12:48 | 00,036,864 | R--- | M] (P. Harrison)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/17 18:29:37 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\j_palmer\Desktop\OTL.exe
[2010/01/16 23:49:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss
[2010/01/13 12:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j_palmer\My Documents\Oaklee Upgrades
[2010/01/03 15:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\{D1F17F88-E9B1-4751-8199-2C11371474DF}
[2009/07/16 17:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/12/26 13:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/12/24 15:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/06 13:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/27 08:46:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/27 08:46:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/17 19:41:12 | 00,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\jnxjk.sys
[2010/01/17 19:36:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/17 19:34:41 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\j_palmer\NTUSER.DAT
[2010/01/17 19:34:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/17 19:34:10 | 03,777,888 | -H-- | M] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\IconCache.db
[2010/01/17 19:11:08 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/01/17 19:09:25 | 00,001,404 | ---- | M] () -- C:\AClient.cfg
[2010/01/17 19:07:07 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\j_palmer\ntuser.ini
[2010/01/17 18:29:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j_palmer\Desktop\OTL.exe
[2010/01/17 17:58:05 | 00,002,957 | ---- | M] () -- C:\WINDOWS\uwojacuqepi.dll
[2010/01/17 16:46:12 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\j_palmer\Desktop\VPN Client.lnk
[2010/01/17 16:33:32 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Tmitugidixeni.dat
[2010/01/17 13:32:58 | 00,002,957 | ---- | M] () -- C:\WINDOWS\evuhidonokecikot.dll
[2010/01/17 12:31:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xmiwizi.bin
[2010/01/17 12:29:53 | 00,002,957 | ---- | M] () -- C:\WINDOWS\ocilojihumevixi.dll
[2010/01/16 22:27:49 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/15 14:20:47 | 00,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2010/01/13 16:39:41 | 00,000,475 | ---- | M] () -- C:\Documents and Settings\j_palmer\Desktop\CSE on Tele05.lnk
[2010/01/13 11:38:33 | 00,178,029 | ---- | M] () -- C:\Documents and Settings\j_palmer\My Documents\dog licence application.pdf
[2010/01/12 19:35:29 | 00,009,540 | ---- | M] () -- C:\Documents and Settings\j_palmer\My Documents\Pixmania.com order.pdf
[2010/01/05 21:26:54 | 00,000,020 | ---- | M] () -- C:\Documents and Settings\j_palmer\Application Data\fvgqad.dat
[2010/01/03 15:30:30 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\j_palmer\Application Data\avdrn.dat
[2009/12/24 07:47:35 | 00,000,075 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/12/24 07:46:23 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 17:58:05 | 00,002,957 | ---- | C] () -- C:\WINDOWS\uwojacuqepi.dll
[2010/01/17 13:32:58 | 00,002,957 | ---- | C] () -- C:\WINDOWS\evuhidonokecikot.dll
[2010/01/17 12:29:52 | 00,002,957 | ---- | C] () -- C:\WINDOWS\ocilojihumevixi.dll
[2010/01/13 11:38:33 | 00,178,029 | ---- | C] () -- C:\Documents and Settings\j_palmer\My Documents\dog licence application.pdf
[2010/01/12 19:35:29 | 00,009,540 | ---- | C] () -- C:\Documents and Settings\j_palmer\My Documents\Pixmania.com order.pdf
[2010/01/12 18:10:21 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat
[2010/01/05 21:26:53 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\j_palmer\Application Data\fvgqad.dat
[2010/01/03 15:34:23 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Tmitugidixeni.dat
[2010/01/03 15:34:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Xmiwizi.bin
[2010/01/03 15:30:57 | 00,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\jnxjk.sys
[2010/01/03 15:30:30 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\j_palmer\Application Data\avdrn.dat
[2009/05/26 18:22:41 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/26 18:22:41 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/26 18:18:46 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/16 23:37:11 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\j_palmer\Application Data\wiaserva.log
[2009/03/19 15:25:28 | 00,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/01/21 16:28:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/12/15 09:48:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/15 09:46:07 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/15 12:47:22 | 00,000,747 | ---- | C] () -- C:\Program Files\Altir
[2008/10/09 15:14:18 | 00,000,405 | ---- | C] () -- C:\WINDOWS\closeidle.ini
[2008/10/09 11:34:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/09/24 10:00:02 | 00,001,423 | ---- | C] () -- C:\Program Files\Altiră
[2008/09/22 09:57:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/05 12:55:25 | 00,001,976 | ---- | C] () -- C:\WINDOWS\Palm OS Emulator.ini
[2008/09/04 21:27:04 | 00,046,592 | ---- | C] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/28 13:10:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\QSwitch.txt
[2008/05/28 13:10:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\DSwitch.txt
[2008/05/28 13:10:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\AtStart.txt
[2008/05/06 17:18:39 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/06 17:18:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/06 17:18:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/06 17:18:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/06 17:18:39 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/06 17:18:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/06 15:08:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\client.INI
[2008/05/06 14:23:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 14:10:02 | 00,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2008/05/06 14:09:42 | 00,008,665 | ---- | C] () -- C:\WINDOWS\dynamic.ini
[2008/05/06 13:57:47 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2007/07/27 07:16:40 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/07/27 07:16:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/04/03 16:18:26 | 00,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 16:18:06 | 00,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/02/06 14:20:00 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 13:55:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 14:30:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/19 06:02:40 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 06:02:40 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/02/17 10:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 10:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/07 13:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 13:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 08:00:00 | 00,168,960 | ---- | C] () -- C:\WINDOWS\amiwapafiqemaqa.dll
[2004/08/04 08:00:00 | 00,042,496 | ---- | C] () -- C:\WINDOWS\cnecor.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/11/10 10:07:02 | 00,036,864 | ---- | C] () -- C:\WINDOWS\HookDLL.dll
[1998/05/07 02:10:00 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
< End of report >

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP17th January 2010, 11:49 pm

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [pjrurddr] C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss\vjagsysguard.exe (tzuk)
    O4 - HKLM..\Run: [sysgif32] C:\WINDOWS\Temp\~TM8C.tmp ()
    O4 - HKLM..\Run: [Yrucumene] C:\WINDOWS\amiwapafiqemaqa.DLL ()
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [brastia] C:\WINDOWS\System32\brastia.exe File not found
    O4 - HKCU..\Run: [pjrurddr] C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss\vjagsysguard.exe (tzuk)
    O4 - Startup: C:\Documents and Settings\j_palmer\Start Menu\Programs\Startup\siszyd32.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe File not found
    [2010/01/16 23:49:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j_palmer\Local Settings\Application Data\vglvss
    [2010/01/17 19:41:12 | 00,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\jnxjk.sys
    [2010/01/17 17:58:05 | 00,002,957 | ---- | M] () -- C:\WINDOWS\uwojacuqepi.dll
    [2010/01/17 16:33:32 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Tmitugidixeni.dat
    [2010/01/17 13:32:58 | 00,002,957 | ---- | M] () -- C:\WINDOWS\evuhidonokecikot.dll
    [2010/01/17 12:31:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Xmiwizi.bin
    [2010/01/17 12:29:53 | 00,002,957 | ---- | M] () -- C:\WINDOWS\ocilojihumevixi.dll


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Antivirus Live on XP DXwU4
Antivirus Live on XP VvYDg

descriptionAntivirus Live on XP EmptyRe: Antivirus Live on XP

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum