Need to check I'm clean...



#1
duffking

Hi all. Around 5pm yesterday my computer started throwing up constant .dll access errors. The files appeared to be randomly named, all lowercase collections of letters.

I checked with avast and it thought it had found a rootkit, and recommended a boot-time scan. I set it to move all things to the chest, but stopped it once it started warning me about moving files within Windows.

Logged back in and the errors had subsided. Downloaded and installed MBAM, it found 'trojan.downloader' and two deactivated security centre settings, which I told it to fix. Then I scanned again, and it found nothing.

Last night I left the laptop on whilst avast did a most thorough, archive files included full system scan. Nothing found. I did another boot time scan of the areas where avast's first boot time scan was finding trojan signatures, including the area where I'd stopped the scan the first time (Windows, Documents and Settings, System Volume Information). Nothing showed up this time (I was thankful as I've lost my eeePC service disk).

So I'd like to think it's gone, but here's some logs for you lovely people to check anyway :)

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:46, on 16/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.churston.torbay.sch.uk:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8865 bytes


Rooter

Rooter.exe (v1.0) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 6 Model 28 Stepping 2, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:40 Go - Free:16 Go )
D:\ [Fixed-NTFS] .. ( Total:17 Go - Free:9 Go )
E:\ [CD_Rom]
G:\ [Fixed-NTFS] .. ( Total:17 Go - Free:12 Go )
¨
Scan : 10:46.18
Path : C:\Documents and Settings\Adam\My Documents\Downloads\Rooter.exe
User : Adam ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (428)
______ \??\C:\WINDOWS\system32\csrss.exe (832)
______ \??\C:\WINDOWS\system32\winlogon.exe (856)
______ C:\WINDOWS\system32\services.exe (900)
______ C:\WINDOWS\system32\lsass.exe (912)
______ C:\WINDOWS\system32\svchost.exe (1072)
______ C:\WINDOWS\system32\svchost.exe (1120)
______ C:\WINDOWS\System32\svchost.exe (1160)
______ C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1184)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1304)
______ C:\WINDOWS\system32\svchost.exe (1368)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1508)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1624)
______ C:\WINDOWS\system32\spoolsv.exe (1988)
______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (776)
______ C:\Program Files\Java\jre6\bin\jqs.exe (788)
______ C:\WINDOWS\System32\svchost.exe (452)
______ C:\WINDOWS\system32\PnkBstrA.exe (468)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (2036)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (156)
______ C:\WINDOWS\System32\alg.exe (236)
______ C:\WINDOWS\Explorer.EXE (2280)
______ C:\Program Files\EeePC\ACPI\AsTray.exe (2376)
______ C:\WINDOWS\system32\igfxext.exe (2456)
______ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (2540)
______ C:\WINDOWS\system32\igfxsrvc.exe (2556)
______ C:\Program Files\EeePC\ACPI\AsEPCMon.exe (2608)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2660)
______ C:\WINDOWS\System32\svchost.exe (2708)
______ C:\Program Files\Elantech\ETDCtrl.exe (2716)
______ C:\WINDOWS\system32\igfxtray.exe (2816)
______ C:\WINDOWS\system32\hkcmd.exe (2828)
______ C:\WINDOWS\RTHDCPL.EXE (2928)
______ C:\WINDOWS\SOUNDMAN.EXE (2940)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3044)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (3060)
______ C:\WINDOWS\system32\ctfmon.exe (3088)
______ C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (3144)
______ C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (3244)
______ C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (3432)
______ C:\WINDOWS\system32\NOTEPAD.EXE (2180)
______ C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3796)
______ C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (592)
______ C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4044)
______ C:\Documents and Settings\Adam\My Documents\Downloads\Rooter.exe (4036)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:42951541248)
\Device\Harddisk0\Partition2 (Start_Offset:42951573504 | Length:18375000064)
\Device\Harddisk0\Partition0 (Start_Offset:61327687680 | Length:18654935040)
\Device\Harddisk0\Partition3 (Start_Offset:79990751232 | Length:33030144)
\Device\Harddisk0\Partition4 (Start_Offset:61327719936 | Length:18654773760)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1570190050-4200987910-599687380-1006.job
C:\WINDOWS\Tasks\SA.DAT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 10:46.39
¨
C:\Rooter$\Rooter_1.txt - (16/06/2009 | 10:46.39)


OTL Extras.txt

OTL Extras logfile created on: 16/06/2009 10:48:54 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Adam\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 564.33 Mb Available Physical Memory | 55.59% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 16.99 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
Drive D: | 17.11 Gb Total Space | 9.69 Gb Free Space | 56.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 17.37 Gb Total Space | 12.38 Gb Free Space | 71.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM_LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
D:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party (Team17 Software Ltd)
C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify (Spotify AB)
D:\Steam\steamapps\common\trials 2 second edition\launcher.exe:*:Enabled:Trials 2: Second Edition (RedLynx Ltd)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57dc8980-73da-481e-afd4-5e2d44b7f1ad}" = StuffIt Expander 2009
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{6f3f58d0-6ce9-4b76-b3c2-9e5bd6323992}" = Quake Live Mozilla Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73CBB4A0-09A5-47D8-9C4C-FFB54656FD21}" = Worms World Party Mission Editor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7e20efe6-e604-48c6-8b39-ba4742f2cdb4}" = Zune Desktop Theme
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0010-0409-0000-0000000ff1ce}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000ff1ce}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000ff1ce}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000ff1ce}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000ff1ce}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001a-0409-0000-0000000ff1ce}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001b-0409-0000-0000000ff1ce}" = Microsoft Office Word MUI (English) 2007
"{90120000-001f-0409-0000-0000000ff1ce}" = Microsoft Office Proof (English) 2007
"{90120000-001f-040c-0000-0000000ff1ce}" = Microsoft Office Proof (French) 2007
"{90120000-001f-0c0a-0000-0000000ff1ce}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002c-0409-0000-0000000ff1ce}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000ff1ce}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000ff1ce}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006e-0409-0000-0000000ff1ce}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00a1-0409-0000-0000000ff1ce}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00ba-0409-0000-0000000ff1ce}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000ff1ce}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000ff1ce}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000ff1ce}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a2a60894-e3ed-46fe-9a6a-7cf7a87572a0}" = Opera 9.64
"{a2bca9f1-566c-4805-97d1-7fdc93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b42f73d4-afda-4761-b3f4-23a872d11339}" = Morrowind
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{ca2e86c4-6c99-593f-d307-996197f2f3d0}" = GOG.com Downloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D4B8AFAB-FB39-11D7-9D43-000A735D259C}" = Rollercoaster Tycoon 2 UCES
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{fa237125-51ff-408c-8bb8-30c2b3dfff9c}" = Windows Resource Kit Tools
"{ff70923c-8a51-47f4-a7e9-893c6d54eb68}" = TES Construction Set
"87d46c3f73ef6b7f5cd27d922eee14783e1ad3bf" = Windows Driver Package - Sony PSP Type B (11/20/2005 20051120)
"adobe air" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"adobe photoshop cs4_is1" = Adobe Photoshop CS4
"adobe shockwave player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.4
"avast!" = avast! Antivirus
"b991b020-2968-11d8-af23-444553540000_is1" = FreeMind
"beneath a steel sky_is1" = Beneath a Steel Sky
"Descent and Descent 2_is1" = Descent and Descent 2
"Duke Nukem 3D_is1" = Duke Nukem 3D
"Elantech" = ETDWare PS/2-x86 7.0.2.5 WHQL
"enterprise" = Microsoft Office Enterprise 2007
"grabit_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"iso compressor" = ISO Compressor by Winnydows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mozilla firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"pbp unpacker_is1" = PBP Unpacker v0.94
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Puzzle Bobble" = Puzzle Bobble (Remove only, requires CD)
"QuakeOne_is1" = ProQuake Launcher 1.1 - QuakeOne.com
"rarlab winrar incl dosrar v3 80 beta 5" = Rarlab WinRAR Incl DOSRAR v3 80 Beta 5
"RollerCoaster Tycoon Setup" = Roll
"scummvm tools_is1" = ScummVM Tools 0.13.0
"scummvm_is1" = ScummVM 0.13.1a
"shockwave" = Shockwave
"Spotify" = Spotify
"Steam App 12900" = Audiosurf
"Steam App 16600" = Trials 2: Second Edition
"Steam App 70" = Half-Life
"tom clancy’s ghost recon_is1" = Tom Clancy’s Ghost Recon
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"windows media format runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinRAR archiver" = WinRAR archiver
"wmfdist11" = Windows Media Format 11 runtime
"Worms World Party" = Worms World Party
"wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBCD" = XBCD 1.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"vspace" = VSpace

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2009 08:09:05 | Computer Name = ADAM_LAPTOP | Source = Google Update | ID = 20
Description =

Error - 12/06/2009 10:37:54 | Computer Name = ADAM_LAPTOP | Source = Google Update | ID = 20
Description =

Error - 15/06/2009 13:16:29 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 15/06/2009 13:16:38 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 15/06/2009 13:18:13 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 15/06/2009 13:18:22 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 15/06/2009 13:18:41 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 15/06/2009 13:18:50 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 15/06/2009 13:19:00 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 15/06/2009 13:19:00 | Computer Name = ADAM_LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 16/06/2009 03:53:42 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 16/06/2009 03:53:42 | Computer Name = ADAM_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 16/06/2009 03:59:46 | Computer Name = ADAM_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 16/06/2009 03:59:47 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 16/06/2009 04:30:02 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 16/06/2009 04:30:02 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 16/06/2009 04:32:09 | Computer Name = ADAM_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 16/06/2009 04:32:09 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 16/06/2009 05:16:45 | Computer Name = ADAM_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 16/06/2009 05:16:46 | Computer Name = ADAM_LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2


< End of report >


OTL.txt

OTL logfile created on: 16/06/2009 10:48:54 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Adam\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 564.33 Mb Available Physical Memory | 55.59% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 16.99 Gb Free Space | 42.48% Space Free | Partition Type: NTFS
Drive D: | 17.11 Gb Total Space | 9.69 Gb Free Space | 56.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 17.37 Gb Total Space | 12.38 Gb Free Space | 71.27% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM_LAPTOP
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Documents and Settings\Adam\My Documents\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswupdsv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! mail scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! web scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (microsoft office groove audit service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\hpzipm12.dll (Hewlett-Packard)
SRV - (pnkbstra [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AsusACPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys (ASUSTeK Computer Inc.)
DRV - (aswfsblk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswmon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswsp [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswtdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (btwmodem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ktp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ETD.sys (ELANTECH Devices Corp.)
DRV - (L1e [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT80x86 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RT2860.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\xusb21.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.3.11
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {CAF26EE1-EE98-4CC6-AFC4-FDB6C6E06EFD}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2008/10/04 17:25:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/05 15:43:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CAF26EE1-EE98-4CC6-AFC4-FDB6C6E06EFD}: C:\DOCUMENTS AND SETTINGS\ADAM\LOCAL SETTINGS\APPLICATION DATA\{CAF26EE1-EE98-4CC6-AFC4-FDB6C6E06EFD} [2009/04/20 17:50:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 21:36:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 21:36:52 | 00,000,000 | ---D | M]

[2008/08/30 13:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Extensions
[2008/08/30 13:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/06 17:23:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions
[2009/02/09 23:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2009/06/06 17:23:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/05/04 16:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/04 16:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/04 16:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/12 13:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\mozilla\Firefox\Profiles\ohp53p96.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/10/25 09:10:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 21:36:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 21:36:47 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 21:36:47 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 11:53:46 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (963 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Adam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\groovelocalgws {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 06:28:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ee67db12-f8e3-11dd-9d54-0015aff4c1e8}\Shell\AutoRun\command - "" = G:\StartPortableApps.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/16 10:47:53 | 00,000,000 | -H-D | M]

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/06/16 10:46:39 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/15 22:31:01 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\HijackThis.lnk
[2009/06/15 22:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/15 21:58:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2009/06/15 21:58:11 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/15 21:58:08 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/15 21:58:06 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 21:58:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/15 21:58:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/15 18:25:33 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/06/15 18:25:33 | 00,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/15 18:25:32 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/06/15 18:25:32 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/06/15 18:25:29 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/06/15 18:25:28 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/06/15 18:25:28 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/06/15 18:25:28 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/06/15 18:25:28 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/06/15 18:24:57 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/06/15 18:24:57 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/06/15 18:24:54 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/15 00:10:07 | 00,011,868 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\What were.docx
[2009/06/15 00:10:01 | 00,014,085 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\gotya.docx
[2009/06/14 23:08:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/06/14 23:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\My Documents\OneNote Notebooks
[2009/06/14 19:55:33 | 00,013,526 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Stuff so far.docx
[2009/06/14 19:21:05 | 34,295,3984 | ---- | C] () -- C:\TRIBUNAL.iso
[2009/06/14 19:19:44 | 61,308,3136 | ---- | C] () -- C:\MORROWIND.iso
[2009/06/14 19:18:28 | 68,692,1728 | ---- | C] () -- C:\BLOODMOON.iso
[2009/06/14 18:07:42 | 00,196,236 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\morrowindfpsoptimizer196.rar
[2009/06/14 12:35:18 | 00,097,311 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\1009641239723284.jpg
[2009/06/14 00:13:14 | 00,012,908 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Inter War Years.docx
[2009/06/14 00:13:07 | 00,012,843 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\Inter War Years.docx
[2009/06/13 22:46:29 | 00,013,029 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Hospitals.docx
[2009/06/13 21:50:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\My Documents\Opera Scripts
[2009/06/13 18:25:06 | 00,012,972 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Physical Degeneration.docx
[2009/06/13 14:45:53 | 00,013,174 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Surgery.docx
[2009/06/12 20:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Opera
[2009/06/12 20:32:22 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/06/12 20:32:20 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/06/11 19:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/06/11 18:58:17 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/06/11 18:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/06/11 18:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/06/11 17:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Office 2007 - Files
[2009/06/10 23:57:38 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\Bullet pointed [bleep].doc
[2009/06/09 20:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Day Of The Tentacle
[2009/06/09 19:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Sam and Max
[2009/06/07 15:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Monkey Island 2
[2009/06/07 15:19:00 | 00,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2009/06/06 17:21:35 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Key Points.doc
[2009/06/06 15:16:32 | 00,042,561 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\4548_94867896676_609671676_2460711_7400087_n.jpg
[2009/06/04 23:20:55 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/06/04 21:19:19 | 00,058,267 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\cea156fbdb1e59d3fe8a8be592198659.jpg.jpg
[2009/06/04 21:17:29 | 00,030,731 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\blasphemy.jpg
[2009/06/04 21:13:49 | 00,028,012 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\nb3e3.png
[2009/06/03 18:49:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\My Documents\Metallica
[2009/06/01 13:36:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Rarlab WinRAR Incl DOSRAR v3 80 Beta 5
[2009/06/01 13:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\Rarlab WinRAR Incl DOSRAR v3 80 Beta 5
[2009/05/31 01:45:25 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\Shortcut to mplayerc.exe.lnk
[2009/05/31 01:44:54 | 05,689,344 | ---- | C] (Gabest) -- C:\Documents and Settings\Adam\Desktop\mplayerc.exe
[2009/05/29 17:30:21 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Photoshop CS4.lnk
[2009/05/28 17:50:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\My Documents\Cleanup Folder
[2009/05/26 21:39:52 | 00,026,760 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\submit.gif
[2009/05/25 18:23:40 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/05/25 12:11:30 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/05/25 12:11:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/05/25 12:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/05/23 19:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Medicine Notes
[2009/05/20 17:22:38 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\Shortcut to ISO Compressor.exe.lnk
[2009/05/20 14:26:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/05/20 10:51:04 | 00,094,692 | ---- | C] () -- C:\Documents and Settings\Adam\My Documents\bazzacolour.png
[2009/05/19 22:15:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Adam\My Documents\GrabIt Downloads
[2009/05/19 21:59:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\GrabIt
[2009/05/19 17:35:40 | 00,000,612 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\GrabIt.lnk
[2009/05/19 17:35:37 | 00,000,000 | ---D | C] -- C:\Program Files\GrabIt
[2009/05/19 12:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\Windows Games
[2009/05/18 17:08:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009/05/17 21:41:52 | 00,169,534 | ---- | C] () -- C:\WINDOWS\SFO.ICO
[2009/05/17 21:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\PBP Unpacker
[2009/05/17 18:09:27 | 00,000,000 | ---D | C] -- C:\Program Files\Winnydows
[2009/04/18 15:34:35 | 00,000,592 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009/03/30 22:42:44 | 00,000,776 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/01/26 18:48:36 | 00,000,116 | ---- | C] () -- C:\WINDOWS\chess.ini
[2009/01/21 11:06:16 | 00,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/14 18:39:48 | 00,024,512 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/14 18:39:48 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/23 22:21:49 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/16 01:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/16 01:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/16 01:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/16 01:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/31 00:47:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/08/21 16:02:55 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/27 13:04:38 | 00,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/06/27 08:53:45 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/27 07:17:15 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/27 07:17:15 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/27 07:17:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/27 07:17:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/27 07:17:15 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/27 07:17:15 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/27 06:35:32 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/06/27 06:13:17 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/06/27 06:13:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/04/14 21:58:40 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/03/17 23:54:36 | 00,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2005/02/17 20:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 20:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 21:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/06/16 10:23:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/06/16 10:16:45 | 00,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1570190050-4200987910-599687380-1006.job
[2009/06/16 09:34:07 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/16 09:34:07 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/16 09:34:07 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/16 09:31:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Adam\Local Settings\desktop.ini
[2009/06/16 09:29:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/16 09:29:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/16 09:11:05 | 10,645,54496 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/15 22:59:55 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/15 22:31:01 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\HijackThis.lnk
[2009/06/15 21:58:12 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/15 18:25:33 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/15 18:25:28 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/15 00:10:07 | 00,011,868 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\What were.docx
[2009/06/15 00:10:02 | 00,014,085 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\gotya.docx
[2009/06/14 19:55:33 | 00,013,526 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Stuff so far.docx
[2009/06/14 18:07:42 | 00,196,236 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\morrowindfpsoptimizer196.rar
[2009/06/14 12:35:18 | 00,097,311 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\1009641239723284.jpg
[2009/06/14 12:10:01 | 00,012,908 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Inter War Years.docx
[2009/06/14 00:13:08 | 00,012,843 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\Inter War Years.docx
[2009/06/13 22:46:29 | 00,013,029 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Hospitals.docx
[2009/06/13 18:25:07 | 00,012,972 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Physical Degeneration.docx
[2009/06/13 14:47:11 | 00,013,174 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Surgery.docx
[2009/06/12 20:32:22 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/06/12 11:30:47 | 00,396,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 19:05:13 | 00,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/10 23:57:39 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\Bullet pointed [bleep].doc
[2009/06/10 04:37:58 | 00,002,283 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Google Chrome.lnk
[2009/06/09 15:05:39 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Key Points.doc
[2009/06/08 15:54:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/06 15:16:32 | 00,042,561 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\4548_94867896676_609671676_2460711_7400087_n.jpg
[2009/06/04 23:20:55 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/06/04 21:19:19 | 00,058,267 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\cea156fbdb1e59d3fe8a8be592198659.jpg.jpg
[2009/06/04 21:17:29 | 00,030,731 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\blasphemy.jpg
[2009/06/04 21:13:49 | 00,028,012 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\nb3e3.png
[2009/05/31 01:45:25 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\Shortcut to mplayerc.exe.lnk
[2009/05/29 17:30:21 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Photoshop CS4.lnk
[2009/05/26 21:39:53 | 00,026,760 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\submit.gif
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 12:12:48 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/25 12:11:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/25 12:11:30 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/05/21 10:21:58 | 00,101,376 | -HS- | M] () -- C:\Documents and Settings\Adam\Desktop\Thumbs.db
[2009/05/20 17:22:38 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\Shortcut to ISO Compressor.exe.lnk
[2009/05/20 10:51:04 | 00,094,692 | ---- | M] () -- C:\Documents and Settings\Adam\My Documents\bazzacolour.png
[2009/05/20 10:27:10 | 00,098,304 | -HS- | M] () -- C:\Documents and Settings\Adam\My Documents\Thumbs.db
[2009/05/19 17:35:40 | 00,000,612 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\GrabIt.lnk
[2009/05/19 12:34:37 | 00,000,776 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/05/18 17:05:07 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
< End of report >


Thanks guys. One thing that's confusing me is this in the HJT log:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


But I'll let you be the judge.

Edited by duffking, 16 June 2009 - 05:53 AM.
