Europol virus - Hitman Pro kickstart
<blockquote data-quote="debdon" data-source="post: 118009" data-attributes="member: 7715"><p>OTL.text file copied below</p><p></p><p>OTL logfile created on: 4/25/2013 6:27:12 PM - Run </p><p>OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE</p><p>Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM</p><p>Internet Explorer (Version = 8.0.6001.18702)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free</p><p>2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free</p><p>Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 74.53 Gb Total Space | 19.40 Gb Free Space | 26.03% Space Free | Partition Type: NTFS</p><p>Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS</p><p> </p><p>Computer Name: REATOGO | User Name: SYSTEM</p><p>Boot Mode: Normal | Scan Mode: All users</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p>Using ControlSet: ControlSet003</p><p> </p><p><span style="color: #E56717">========== Win32 Services (SafeList) ==========</span></p><p> </p><p>SRV - [2012/06/07 07:15:28 | 000,847,872 | ---- | M] (Kaseya International Limited) [Auto] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KAPNC99987954614232346)</p><p>SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)</p><p>SRV - [2008/04/30 06:39:03 | 000,438,272 | ---- | M] (RealVNC Ltd.) 
[Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)</p><p>SRV - [2008/03/13 14:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)</p><p>SRV - [2006/11/30 03:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)</p><p>SRV - [2006/11/30 03:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)</p><p>SRV - [2006/11/17 08:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)</p><p>SRV - [2006/11/03 14:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)</p><p>SRV - [2006/09/28 10:14:04 | 000,122,880 | ---- | M] (OptionNV) [Auto] -- C:\WINDOWS\system32\Gtdetectsc.exe -- (gtdetectsc)</p><p>SRV - [2004/10/15 05:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) 
[On_Demand] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - File not found [Kernel | On_Demand] -- -- (WDICA)</p><p>DRV - File not found [Kernel | System] -- -- (Wbutton)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)</p><p>DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)</p><p>DRV - File not found [Kernel | System] -- -- (PCIDump)</p><p>DRV - File not found [Kernel | System] -- -- (mailKmd)</p><p>DRV - File not found [Kernel | System] -- -- (lbrtfdc)</p><p>DRV - File not found [Kernel | System] -- -- (Changer)</p><p>DRV - [2013/03/29 09:38:12 | 000,061,312 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\e48c6df33eed4299.sys -- (e48c6df33eed4299)</p><p>DRV - [2011/06/23 07:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA)</p><p>DRV - [2007/11/05 06:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)</p><p>DRV - [2007/08/15 02:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)</p><p>DRV - [2007/06/15 13:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)</p><p>DRV - [2007/03/23 12:31:40 | 000,070,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumx00.sys -- (SWUMX00) Sierra Wireless USB MUX Driver (UMTS00)</p><p>DRV - [2007/03/23 12:31:30 | 000,102,144 | ---- | M] (Sierra Wireless Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8u00.sys -- (SWNC8U00) Sierra Wireless MUX NDIS Driver (UMTS00)</p><p>DRV - [2007/03/23 12:31:20 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)</p><p>DRV - [2006/11/30 03:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)</p><p>DRV - [2006/11/30 03:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)</p><p>DRV - [2006/11/30 03:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)</p><p>DRV - [2006/11/30 03:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)</p><p>DRV - [2006/11/30 03:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)</p><p>DRV - [2006/11/30 03:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)</p><p>DRV - [2006/09/22 08:14:10 | 004,381,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)</p><p>DRV - [2006/08/07 01:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)</p><p>DRV - [2006/07/13 03:33:14 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)</p><p>DRV - [2006/07/13 03:33:06 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)</p><p>DRV - [2006/01/20 05:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)</p><p>DRV - [2005/06/10 05:52:54 | 000,024,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3gruser.sys -- (G3GRUSER)</p><p>DRV - [2005/06/10 05:52:48 | 000,027,648 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3grumdm.sys -- (G3GRUMDM)</p><p>DRV - [2005/06/10 01:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)</p><p>DRV - [2004/10/15 05:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)</p><p>DRV - [2004/08/03 18:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)</p><p>DRV - [2004/05/14 12:15:22 | 000,147,236 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)</p><p>DRV - [2003/08/20 09:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)</p><p>DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p> </p><p> </p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com</p><p>IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome</p><p>IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com</p><p>IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\chamilton_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/</p><p>IE - HKU\chamilton_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie</p><p>IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com</p><p>IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = 
http://www.google.com/ie</p><p>IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie</p><p>IE - HKU\ddavidson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com</p><p>IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com</p><p>IE - HKU\dmatheson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKU\dmatheson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</p><p> </p><p>IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com</p><p>IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/</p><p>IE - HKU\Donnie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\kefag_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watermanaspen.co.uk/</p><p>IE - HKU\kefag_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p> </p><p>IE - HKU\sparelaptop_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watermanaspen.co.uk/</p><p>IE - HKU\sparelaptop_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: </p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program 
Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0b2\extensions\\Components: C:\Program Files\Flock\components</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0b2\extensions\\Plugins: C:\Program Files\Flock\plugins</p><p> </p><p> </p><p>O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</p><p>O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)</p><p>O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)</p><p>O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)</p><p>O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)</p><p>O3 - HKU\ddavidson_ON_C\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No CLSID value found.</p><p>O3 - HKU\dmatheson_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKU\Donnie_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)</p><p>O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [KASHPNC99987954614232346] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya International Limited)</p><p>O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()</p><p>O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)</p><p>O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)</p><p>O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)</p><p>O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)</p><p>O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)</p><p>O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)</p><p>O4 - HKU\Admin_ON_C..\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\administrator.WATERMANASPEN_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\chamilton_ON_C..\Run: [\\WARRINGTONPC.watermanaspen.co.uk\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)</p><p>O4 - HKU\chamilton_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\ddavidson_ON_C..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)</p><p>O4 - HKU\ddavidson_ON_C..\Run: [TuneUp MemOptimizer] File not found</p><p>O4 - HKU\dmatheson_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\Donnie_ON_C..\Run: [{2A2DB62D-8D02-BE06-7552-60540CE0DA6B}] C:\Documents and Settings\Donnie\Application Data\Sun\Java\Deployment\SystemCache\6.0\60\debug.exe ()</p><p>O4 - HKU\Donnie_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\Donnie_ON_C..\Run: [Yahoo] C:\Documents and Settings\Donnie\Local Settings\Application Data\Yahoo\nlqvmaix.dll ()</p><p>O4 - HKU\kefag_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\sparelaptop_ON_C..\Run: [\\warringtonpc\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION)</p><p>O4 - HKU\sparelaptop_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)</p><p>O4 - HKU\Administrator_ON_C..\RunOnce: 
[NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)</p><p>O4 - HKU\Donnie_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.)</p><p>O4 - Startup: C:\Documents and Settings\ddavidson\Start Menu\Programs\Startup\Connection to Waterman HQ.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe (SonicWALL, Inc.)</p><p>O4 - Startup: C:\Documents and Settings\Donnie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Donnie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\administrator.WATERMANASPEN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\chamilton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\ddavidson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\dmatheson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\Donnie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\kefag_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145</p><p>O7 - HKU\sparelaptop_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKU\Donnie_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKU\Donnie_ON_C Winlogon: Shell - (C:\Documents and Settings\Donnie\Application Data\skype.dat) - C:\Documents and Settings\Donnie\Application Data\skype.dat (TechDays Inc.)</p><p>O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows 
Defender\MpShHook.dll (Microsoft Corporation)</p><p>O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2006/01/30 15:16:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]</p><p>O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell\AutoRun - "" = Auto&Play</p><p>O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell\AutoRun\command - "" = E:\setup.exe</p><p>O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell\AutoRun - "" = Auto&Play</p><p>O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell\AutoRun\command - "" = E:\setup.exe</p><p>O34 - HKLM BootExecute: (autocheck autochk *) - File not found</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/04/25 10:25:36 | 000,000,000 | ---D | C] -- C:\FRST</p><p>[2013/03/29 09:37:27 | 000,142,336 | ---- | C] (TechDays Inc.) -- C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe</p><p>[2013/03/20 05:12:22 | 000,170,778 | ---- | C] (Lurcom Ltd) -- C:\Documents and Settings\Donnie\7276495.exe</p><p>[2006/01/30 13:59:21 | 000,142,336 | ---- | C] (TechDays Inc.) 
-- C:\Documents and Settings\Donnie\Application Data\skype.dat</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/04/25 11:41:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Donnie\Application Data\skype.ini</p><p>[2013/04/25 11:41:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job</p><p>[2013/04/25 11:40:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job</p><p>[2013/04/25 11:40:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job</p><p>[2013/04/25 11:27:11 | 000,001,035 | ---- | M] () -- C:\Documents and Settings\Donnie\Start Menu\Programs\Startup\Dropbox.lnk</p><p>[2013/04/25 11:26:42 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Donnie\Desktop\Dropbox.lnk</p><p>[2013/04/25 11:24:55 | 000,484,612 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</p><p>[2013/04/25 11:24:55 | 000,087,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</p><p>[2013/04/25 11:20:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</p><p>[2013/04/25 11:20:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/04/25 11:20:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</p><p>[2013/04/25 11:20:05 | 2673,987,584 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/04/25 04:04:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/03/29 09:38:12 | 000,061,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\e48c6df33eed4299.sys</p><p>[2013/03/29 09:37:29 | 000,142,336 | ---- | M] (TechDays Inc.) 
-- C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe</p><p>[2013/03/29 09:28:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Donnie\Desktop\Microsoft Office Excel 2007.lnk</p><p>[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/04/23 08:07:00 | 2673,987,584 | -HS- | C] () -- C:\hiberfil.sys</p><p>[2013/03/29 09:38:35 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Donnie\Application Data\skype.ini</p><p>[2013/03/29 09:38:12 | 000,061,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\e48c6df33eed4299.sys</p><p>[2012/08/09 03:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Donnie\Application Data\SharedSettings.ccs</p><p>[2012/04/27 07:54:27 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Donnie\default.pls</p><p>[2012/02/06 07:54:50 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Donnie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2011/10/24 08:01:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\dmatheson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2010/09/11 13:31:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TEXTEASE.INI</p><p>[2010/09/11 13:07:47 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\dmatheson\Local Settings\Application Data\fusioncache.dat</p><p>[2010/08/06 12:39:17 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI</p><p>[2010/03/14 14:40:00 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\dmatheson\default.pls</p><p>[2010/03/14 14:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini</p><p>[2009/10/09 08:29:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL</p><p>[2009/10/09 08:28:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll</p><p>[2009/10/09 08:25:34 | 000,000,416 | ---- | C] () -- 
C:\WINDOWS\MAXLINK.INI</p><p>[2009/05/27 05:39:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL</p><p>[2008/08/23 17:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat</p><p>[2008/07/27 17:22:11 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys</p><p>[2008/07/27 17:22:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\PnkBstrK.sys</p><p>[2008/07/27 17:21:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe</p><p>[2008/07/27 17:21:53 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe</p><p>[2008/07/27 17:21:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini</p><p>[2008/06/30 16:44:38 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat</p><p>[2008/06/14 19:02:33 | 000,028,083 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).ADR</p><p>[2008/06/14 18:57:37 | 000,012,159 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).EML</p><p>[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin</p><p>[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin</p><p>[2008/05/24 11:21:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll</p><p>[2008/05/18 19:08:13 | 000,009,636 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).TSK</p><p>[2008/05/06 17:20:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\$_hpcst$.hpc</p><p>[2008/05/01 04:42:33 | 000,496,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat</p><p>[2008/04/29 09:53:28 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig</p><p>[2008/03/07 11:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application 
Data\DeviceManager.xml.rc4</p><p>[2008/03/07 08:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml</p><p>[2007/09/27 05:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini</p><p>[2007/09/27 05:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini</p><p>[2007/09/27 05:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini</p><p>[2007/08/15 02:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys</p><p>[2007/05/18 14:27:08 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini</p><p>[2007/05/18 14:27:00 | 000,065,973 | ---- | C] () -- C:\WINDOWS\sem_GCXXUninstall.exe</p><p>[2007/05/18 14:26:53 | 000,072,985 | ---- | C] () -- C:\WINDOWS\OptionPluss_PCCardInstallerUninstall.exe</p><p>[2007/05/18 14:26:53 | 000,067,722 | ---- | C] () -- C:\WINDOWS\OptionHsdpaGTMax72ExpressInstallerUninstall.exe</p><p>[2007/05/18 14:26:52 | 000,091,520 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstallerUninstall.exe</p><p>[2007/05/18 14:26:48 | 000,073,806 | ---- | C] () -- C:\WINDOWS\Novatel_700_800_PCCardInstallerUninstall.exe</p><p>[2007/05/18 14:23:11 | 000,063,090 | ---- | C] () -- C:\WINDOWS\SWMC87xxInstallerUninstall.exe</p><p>[2007/05/18 14:09:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini</p><p>[2007/05/18 14:08:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll</p><p>[2007/05/18 14:08:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll</p><p>[2007/05/18 14:08:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll</p><p>[2007/05/18 14:08:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll</p><p>[2007/05/18 14:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll</p><p>[2007/05/18 14:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll</p><p>[2007/05/18 14:08:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll</p><p>[2007/05/18 14:08:22 | 000,049,152 | ---- | C] () -- 
C:\WINDOWS\sm56cht.dll</p><p>[2007/05/18 14:08:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll</p><p>[2007/05/18 14:08:03 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys</p><p>[2006/05/02 18:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe</p><p>[2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini</p><p>[2006/01/30 15:38:38 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini</p><p>[2006/01/30 15:20:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat</p><p>[2006/01/30 15:13:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat</p><p>[2006/01/30 15:07:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI</p><p>[2006/01/30 15:06:54 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2006/01/30 14:00:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini</p><p>[2006/01/30 13:59:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat</p><p>[2006/01/30 13:59:25 | 000,484,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat</p><p>[2006/01/30 13:59:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat</p><p>[2006/01/30 13:59:25 | 000,087,810 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat</p><p>[2006/01/30 13:59:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat</p><p>[2006/01/30 13:59:24 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat</p><p>[2006/01/30 13:59:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin</p><p>[2006/01/30 13:59:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat</p><p>[2006/01/30 13:59:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat</p><p>[2006/01/30 13:59:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin</p><p>[2006/01/30 13:59:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat</p><p>[2006/01/30 13:58:53 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin</p><p> 
</p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Alice Systems</p><p>[2008/04/29 10:09:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bytemobile</p><p>[2011/09/13 07:49:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Softland</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Alice Systems</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Alice Systems</p><p>[2011/12/16 04:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Vodafone</p><p>[2011/12/16 04:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Windows Desktop Search</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alice Systems</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chamilton\Application Data\Alice Systems</p><p>[2008/08/19 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Delicious IE Extension</p><p>[2008/05/06 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Flock</p><p>[2008/07/02 17:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Isotope 244</p><p>[2008/08/10 18:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Millennia</p><p>[2008/05/20 16:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\NetCentrics</p><p>[2008/05/06 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sierra 
Wireless</p><p>[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite PC Agent</p><p>[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite Setup Wizard</p><p>[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite Software</p><p>[2008/06/20 16:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\TuneUp Software</p><p>[2008/05/27 06:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Vodafone</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Alice Systems</p><p>[2011/11/14 05:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Canon</p><p>[2011/11/07 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Canon Easy-WebPrint EX</p><p>[2009/09/15 12:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\KeySafe</p><p>[2011/08/01 04:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\NewSoft</p><p>[2009/10/09 08:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\ScanSoft</p><p>[2010/07/31 09:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\SMART Technologies Inc</p><p>[2010/11/17 14:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\SmartDraw</p><p>[2011/09/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Softland</p><p>[2009/04/06 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Vodafone</p><p>[2011/11/18 08:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\webex</p><p>[2009/04/20 13:21:30 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Windows Desktop Search</p><p>[2009/07/03 11:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Windows Search</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Alice Systems</p><p>[2012/02/06 06:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Canon</p><p>[2011/12/16 05:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Canon Easy-WebPrint EX</p><p>[2013/04/25 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Dropbox</p><p>[2012/02/01 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Softland</p><p>[2011/12/16 05:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Vodafone</p><p>[2011/12/16 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Windows Desktop Search</p><p>[2011/12/20 04:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Windows Search</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kefag\Application Data\Alice Systems</p><p>[2011/09/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland</p><p>[2012/02/24 08:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC</p><p>[2009/04/06 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone</p><p>[2007/05/18 14:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile</p><p>[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sparelaptop\Application Data\Alice Systems</p><p>[2011/09/12 12:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Calico Pie</p><p>[2011/11/07 17:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool</p><p>[2009/05/27 05:39:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ</p><p>[2011/11/07 17:39:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP</p><p>[2011/11/14 05:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ</p><p>[2012/02/01 11:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV</p><p>[2011/11/07 17:39:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2</p><p>[2011/11/07 17:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup</p><p>[2011/11/07 17:39:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter</p><p>[2011/11/14 05:27:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan</p><p>[2011/11/07 17:39:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX</p><p>[2011/11/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt</p><p>[2008/11/03 11:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON</p><p>[2008/05/14 15:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mobiano</p><p>[2011/10/02 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines</p><p>[2009/10/09 08:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft</p><p>[2008/08/20 15:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit</p><p>[2008/08/28 
09:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP</p><p>[2009/04/06 14:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone</p><p>[2011/11/27 14:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}</p><p>[2012/11/30 13:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job</p><p>[2013/04/25 11:40:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job</p><p>[2013/04/25 11:40:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job</p><p>[2013/04/25 11:41:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844</p><p>< End of report ></p></blockquote><p></p>
[QUOTE="debdon, post: 118009, member: 7715"] OTL.text file copied below OTL logfile created on: 4/25/2013 6:27:12 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 19.40 Gb Free Space | 26.03% Space Free | Partition Type: NTFS Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012/06/07 07:15:28 | 000,847,872 | ---- | M] (Kaseya International Limited) [Auto] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KAPNC99987954614232346) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/04/30 06:39:03 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV - [2008/03/13 14:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2006/11/30 03:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) 
[Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2006/11/30 03:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2006/11/17 08:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2006/11/03 14:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/09/28 10:14:04 | 000,122,880 | ---- | M] (OptionNV) [Auto] -- C:\WINDOWS\system32\Gtdetectsc.exe -- (gtdetectsc) SRV - [2004/10/15 05:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | System] -- -- (Wbutton) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (mailKmd) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2013/03/29 09:38:12 | 000,061,312 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\e48c6df33eed4299.sys -- (e48c6df33eed4299) DRV - [2011/06/23 07:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA) DRV - [2007/11/05 06:56:58 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007/08/15 02:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558) DRV - [2007/06/15 13:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2007/03/23 12:31:40 | 000,070,656 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumx00.sys -- (SWUMX00) Sierra Wireless USB MUX Driver (UMTS00) DRV - [2007/03/23 12:31:30 | 000,102,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8u00.sys -- (SWNC8U00) Sierra Wireless MUX NDIS Driver (UMTS00) DRV - [2007/03/23 12:31:20 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp) DRV - [2006/11/30 03:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2006/11/30 03:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2006/11/30 03:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2006/11/30 03:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2006/11/30 03:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2006/11/30 03:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk) DRV - [2006/09/22 08:14:10 | 004,381,696 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/08/07 01:56:00 | 000,248,832 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006/07/13 03:33:14 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006/07/13 03:33:06 | 000,061,568 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006/01/20 05:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2005/06/10 05:52:54 | 000,024,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3gruser.sys -- (G3GRUSER) DRV - [2005/06/10 05:52:48 | 000,027,648 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3grumdm.sys -- (G3GRUMDM) DRV - [2005/06/10 01:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4) DRV - [2004/10/15 05:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX) DRV - [2004/08/03 18:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB) DRV - [2004/05/14 12:15:22 | 000,147,236 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2003/08/20 09:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn) DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/p/bt/ie/welcome IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com IE - HKU\administrator.WATERMANASPEN_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\chamilton_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\chamilton_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\ddavidson_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\ddavidson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\dmatheson_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com IE - HKU\dmatheson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\dmatheson_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\Donnie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\Donnie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\kefag_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watermanaspen.co.uk/ IE - HKU\kefag_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\sparelaptop_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watermanaspen.co.uk/ IE - HKU\sparelaptop_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0b2\extensions\\Components: C:\Program Files\Flock\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0b2\extensions\\Plugins: C:\Program Files\Flock\plugins O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! 
Inc) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\ddavidson_ON_C\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No CLSID value found. O3 - HKU\dmatheson_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\Donnie_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [KASHPNC99987954614232346] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya International Limited) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) 
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\Admin_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\administrator.WATERMANASPEN_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\chamilton_ON_C..\Run: [\\WARRINGTONPC.watermanaspen.co.uk\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\chamilton_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\ddavidson_ON_C..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\ddavidson_ON_C..\Run: [TuneUp MemOptimizer] File not found O4 - HKU\dmatheson_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Donnie_ON_C..\Run: [{2A2DB62D-8D02-BE06-7552-60540CE0DA6B}] C:\Documents and Settings\Donnie\Application Data\Sun\Java\Deployment\SystemCache\6.0\60\debug.exe () O4 - HKU\Donnie_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Donnie_ON_C..\Run: [Yahoo] C:\Documents and Settings\Donnie\Local Settings\Application Data\Yahoo\nlqvmaix.dll () O4 - HKU\kefag_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\sparelaptop_ON_C..\Run: [\\warringtonpc\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\sparelaptop_ON_C..\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG) O4 - HKU\Donnie_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10s_ActiveX.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\ddavidson\Start Menu\Programs\Startup\Connection to Waterman HQ.lnk = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe (SonicWALL, Inc.) O4 - Startup: C:\Documents and Settings\Donnie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Donnie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\administrator.WATERMANASPEN_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\chamilton_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\ddavidson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\dmatheson_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Donnie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\kefag_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\sparelaptop_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\Donnie_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\Donnie_ON_C Winlogon: Shell - (C:\Documents and Settings\Donnie\Application Data\skype.dat) - C:\Documents and Settings\Donnie\Application Data\skype.dat (TechDays Inc.) 
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 15:16:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell - "" = AutoRun
O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73af4d38-22d7-11de-8e6a-001641fc9a93}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell - "" = AutoRun
O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e80c42fd-22ec-11de-8e6b-001641fc9a93}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/25 10:25:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/29 09:37:27 | 000,142,336 | ---- | C] (TechDays Inc.) -- C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe
[2013/03/20 05:12:22 | 000,170,778 | ---- | C] (Lurcom Ltd) -- C:\Documents and Settings\Donnie\7276495.exe
[2006/01/30 13:59:21 | 000,142,336 | ---- | C] (TechDays Inc.) -- C:\Documents and Settings\Donnie\Application Data\skype.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/25 11:41:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Donnie\Application Data\skype.ini
[2013/04/25 11:41:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job
[2013/04/25 11:40:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/04/25 11:40:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job
[2013/04/25 11:27:11 | 000,001,035 | ---- | M] () -- C:\Documents and Settings\Donnie\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/25 11:26:42 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\Donnie\Desktop\Dropbox.lnk
[2013/04/25 11:24:55 | 000,484,612 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/25 11:24:55 | 000,087,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/25 11:20:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 11:20:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 11:20:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/25 11:20:05 | 2673,987,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 04:04:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/29 09:38:12 | 000,061,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\e48c6df33eed4299.sys
[2013/03/29 09:37:29 | 000,142,336 | ---- | M] (TechDays Inc.) -- C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe
[2013/03/29 09:28:51 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Donnie\Desktop\Microsoft Office Excel 2007.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/23 08:07:00 | 2673,987,584 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/29 09:38:35 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Donnie\Application Data\skype.ini
[2013/03/29 09:38:12 | 000,061,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\e48c6df33eed4299.sys
[2012/08/09 03:12:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Donnie\Application Data\SharedSettings.ccs
[2012/04/27 07:54:27 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Donnie\default.pls
[2012/02/06 07:54:50 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Donnie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/24 08:01:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\dmatheson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 13:31:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TEXTEASE.INI
[2010/09/11 13:07:47 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\dmatheson\Local Settings\Application Data\fusioncache.dat
[2010/08/06 12:39:17 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/03/14 14:40:00 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\dmatheson\default.pls
[2010/03/14 14:33:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/09 08:29:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/10/09 08:28:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/10/09 08:25:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/05/27 05:39:48 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2008/08/23 17:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/27 17:22:11 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/27 17:22:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\PnkBstrK.sys
[2008/07/27 17:21:55 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/07/27 17:21:53 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/07/27 17:21:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/30 16:44:38 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/14 19:02:33 | 000,028,083 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).ADR
[2008/06/14 18:57:37 | 000,012,159 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).EML
[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/24 11:21:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/05/18 19:08:13 | 000,009,636 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\Comma Separated Values (Windows).TSK
[2008/05/06 17:20:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ddavidson\Application Data\$_hpcst$.hpc
[2008/05/01 04:42:33 | 000,496,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/04/29 09:53:28 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/03/07 11:43:56 | 000,084,734 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/03/07 08:47:30 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007/09/27 05:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 05:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 05:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/15 02:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/05/18 14:27:08 | 000,000,057 | ---- | C] () -- C:\WINDOWS\init.ini
[2007/05/18 14:27:00 | 000,065,973 | ---- | C] () -- C:\WINDOWS\sem_GCXXUninstall.exe
[2007/05/18 14:26:53 | 000,072,985 | ---- | C] () -- C:\WINDOWS\OptionPluss_PCCardInstallerUninstall.exe
[2007/05/18 14:26:53 | 000,067,722 | ---- | C] () -- C:\WINDOWS\OptionHsdpaGTMax72ExpressInstallerUninstall.exe
[2007/05/18 14:26:52 | 000,091,520 | ---- | C] () -- C:\WINDOWS\OptionPCCardInstallerUninstall.exe
[2007/05/18 14:26:48 | 000,073,806 | ---- | C] () -- C:\WINDOWS\Novatel_700_800_PCCardInstallerUninstall.exe
[2007/05/18 14:23:11 | 000,063,090 | ---- | C] () -- C:\WINDOWS\SWMC87xxInstallerUninstall.exe
[2007/05/18 14:09:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/18 14:08:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007/05/18 14:08:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007/05/18 14:08:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007/05/18 14:08:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007/05/18 14:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007/05/18 14:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007/05/18 14:08:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007/05/18 14:08:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007/05/18 14:08:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2007/05/18 14:08:03 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2006/05/02 18:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/01/30 15:38:38 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/30 15:20:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/30 15:13:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/30 15:07:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/30 15:06:54 | 000,304,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/30 14:00:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/30 13:59:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/30 13:59:25 | 000,484,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/30 13:59:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/30 13:59:25 | 000,087,810 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/30 13:59:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/30 13:59:24 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/30 13:59:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/30 13:59:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/30 13:59:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/30 13:59:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/30 13:59:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/30 13:58:53 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[color=#E56717]========== LOP Check ==========[/color]

[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Alice Systems
[2008/04/29 10:09:44 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bytemobile
[2011/09/13 07:49:00 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Softland
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Alice Systems
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Alice Systems
[2011/12/16 04:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Vodafone
[2011/12/16 04:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.WATERMANASPEN\Application Data\Windows Desktop Search
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alice Systems
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\chamilton\Application Data\Alice Systems
[2008/08/19 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Delicious IE Extension
[2008/05/06 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Flock
[2008/07/02 17:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Isotope 244
[2008/08/10 18:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Millennia
[2008/05/20 16:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\NetCentrics
[2008/05/06 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sierra Wireless
[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite PC Agent
[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite Setup Wizard
[2008/05/06 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Sprite Software
[2008/06/20 16:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\TuneUp Software
[2008/05/27 06:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ddavidson\Application Data\Vodafone
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Alice Systems
[2011/11/14 05:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Canon
[2011/11/07 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Canon Easy-WebPrint EX
[2009/09/15 12:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\KeySafe
[2011/08/01 04:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\NewSoft
[2009/10/09 08:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\ScanSoft
[2010/07/31 09:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\SMART Technologies Inc
[2010/11/17 14:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\SmartDraw
[2011/09/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Softland
[2009/04/06 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Vodafone
[2011/11/18 08:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\webex
[2009/04/20 13:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Windows Desktop Search
[2009/07/03 11:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dmatheson\Application Data\Windows Search
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Alice Systems
[2012/02/06 06:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Canon
[2011/12/16 05:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Canon Easy-WebPrint EX
[2013/04/25 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Dropbox
[2012/02/01 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Softland
[2011/12/16 05:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Vodafone
[2011/12/16 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Windows Desktop Search
[2011/12/20 04:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donnie\Application Data\Windows Search
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kefag\Application Data\Alice Systems
[2011/09/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2012/02/24 08:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2009/04/06 14:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2007/05/18 14:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2007/05/18 14:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sparelaptop\Application Data\Alice Systems
[2011/09/12 12:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Calico Pie
[2011/11/07 17:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2009/05/27 05:39:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/11/07 17:39:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/11/14 05:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/02/01 11:33:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 17:39:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/11/07 17:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/11/07 17:39:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/11/14 05:27:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/11/07 17:39:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/11/07 16:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2008/11/03 11:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/14 15:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mobiano
[2011/10/02 10:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research Machines
[2009/10/09 08:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/20 15:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/08/28 09:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/06 14:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/11/27 14:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/30 13:15:00 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2013/04/25 11:40:14 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2013/04/25 11:40:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job
[2013/04/25 11:41:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844

< End of report >
[/QUOTE]