Need help cleaning up my PC Please



#1
Pazma

I did everything on the start guide but ran a full Malwarebytes scan and fixed the problems before running again with 'quick scan'.
Also, when I used OTL I only got OTL.txt not two logs.

Here's what I have so far:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 17:56:04
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\uwtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT spfq.sys ZwCreateKey [0xF72C60E0]
SSDT spfq.sys ZwEnumerateKey [0xF72E4CA2]
SSDT spfq.sys ZwEnumerateValueKey [0xF72E5030]
SSDT spfq.sys ZwOpenKey [0xF72C60C0]
SSDT spfq.sys ZwQueryKey [0xF72E5108]
SSDT spfq.sys ZwQueryValueKey [0xF72E4F88]
SSDT spfq.sys ZwSetValueKey [0xF72E519A]

INT 0x62 ? 851E3BF8
INT 0x63 ? 84ED5BF8
INT 0x63 ? 84ED5BF8
INT 0x63 ? 84ED5BF8
INT 0x63 ? 84ED5BF8
INT 0x63 ? 84ED5BF8
INT 0x63 ? 84ED5BF8
INT 0x82 ? 851E3BF8
INT 0xB1 ? 85178F00
INT 0xB1 ? 85178F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851E21F8

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP2534 \Device\00000040 spfq.sys
Device \Driver\PCI_PNP2534 \Device\00000040 spfq.sys
Device \Driver\sptd \Device\4243287534 spfq.sys
Device \Driver\usbuhci \Device\USBPDO-0 84ED41F8
Device \Driver\usbuhci \Device\USBPDO-1 84ED41F8
Device \Driver\usbuhci \Device\USBPDO-2 84ED41F8
Device \Driver\usbuhci \Device\USBPDO-3 84ED41F8
Device \Driver\usbehci \Device\USBPDO-4 84EA71F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\usbstor \Device\00000063 84CD6500
Device \Driver\Ftdisk \Device\HarddiskVolume1 851761F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\usbstor \Device\00000064 84CD6500
Device \Driver\Ftdisk \Device\HarddiskVolume2 851761F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Cdrom \Device\CdRom0 84F9A500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 851E31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 851E31F8
Device \Driver\atapi \Device\Ide\IdePort0 851E31F8
Device \Driver\atapi \Device\Ide\IdePort1 851E31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 851E31F8
Device \Driver\Cdrom \Device\CdRom1 84F9A500
Device \Driver\Cdrom \Device\CdRom2 84F9A500
Device \Driver\Cdrom \Device\CdRom3 84F9A500
Device \Driver\usbstor \Device\00000068 84CD6500
Device \Driver\usbstor \Device\00000069 84CD6500
Device \Driver\NetBT \Device\NetBt_Wins_Export 84CD2500
Device \Driver\sptd \Device\4243131284 spfq.sys
Device \Driver\PCI_PNP2534 \Device\0000003f spfq.sys
Device \Driver\PCI_PNP2534 \Device\0000003f spfq.sys
Device \Driver\NetBT \Device\NetbiosSmb 84CD2500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{7F170028-5356-4B77-9776-8D45A7C1B4D8} 84CD2500
Device \Driver\usbstor \Device\0000006a 84CD6500
Device \Driver\usbstor \Device\0000006b 84CD6500
Device \Driver\usbuhci \Device\USBFDO-0 84ED41F8
Device \Driver\usbstor \Device\0000006c 84CD6500
Device \Driver\usbstor \Device\0000006d 84CD6500
Device \Driver\usbuhci \Device\USBFDO-1 84ED41F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84CE11F8
Device \Driver\usbuhci \Device\USBFDO-2 84ED41F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84CE11F8
Device \Driver\usbuhci \Device\USBFDO-3 84ED41F8
Device \Driver\usbehci \Device\USBFDO-4 84EA71F8
Device \Driver\Ftdisk \Device\FtControl 851761F8
Device \Driver\a4u0oiyt \Device\Scsi\a4u0oiyt1 84E63500
Device \Driver\a4u0oiyt \Device\Scsi\a4u0oiyt1Port2Path0Target0Lun0 84E63500
Device \Driver\az9tdc51 \Device\Scsi\az9tdc511Port3Path0Target0Lun0 84E621F8
Device \Driver\az9tdc51 \Device\Scsi\az9tdc511 84E621F8
Device \FileSystem\Cdfs \Cdfs 84EFC1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected] 0x51 0x01 0x27 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0xE8 0x65 0x2B 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x86 0x30 0xB4 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xA9 0x00 0x28 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xF7 0x13 0x65 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x3C 0xFA 0x07 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0[email protected] 0x51 0x01 0x27 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0xE8 0x65 0x2B 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x86 0x30 0xB4 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xA9 0x00 0x28 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xF7 0x13 0x65 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x3C 0xFA 0x07 0x80 ...

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.44
Database version: 3596
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

20/01/2010 16:37:10
mbam-log-2010-01-20 (16-37-10).txt

Scan type: Quick Scan
Objects scanned: 105486
Time elapsed: 9 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------

OTL logfile created on: 20/01/2010 17:57:42 - Run 4
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

479.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 94.85 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 626.56 Gb Free Space | 67.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOESPC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ie...en&source=iglk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 08:10:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 20:34:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 22:47:03 | 00,000,000 | ---D | M]

[2008/06/01 00:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
[2010/01/19 17:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions
[2010/01/14 19:04:28 | 00,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/12/14 23:18:55 | 00,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/11/01 04:03:16 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/03/03 22:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2009/12/18 14:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/08 19:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/11 04:42:20 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\searchplugins\daemon-search.xml
[2008/04/17 15:49:46 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\searchplugins\youtube-video-search.xml
[2010/01/19 17:06:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/03 08:48:25 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/03 08:48:25 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/03 08:48:25 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/03 08:48:25 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/11/02 18:11:45 | 00,000,509 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe ()
O4 - Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 18:25:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/29 18:24:59 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/20 16:53:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/19 01:43:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Scans
[2010/01/18 20:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\MSCG
[2010/01/18 19:58:30 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2010/01/18 19:55:46 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe
[2010/01/12 16:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\OxelonMC
[2010/01/12 16:44:23 | 03,265,482 | ---- | C] (Oxelon ) -- C:\Documents and Settings\Joe\Desktop\oxelonmedia.exe
[2010/01/11 22:18:37 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Joe\My Documents\My Stationery
[2009/11/14 14:14:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/14 14:14:48 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/14 14:14:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/10 03:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/03 01:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/02 22:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/03/10 07:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

========== Files - Modified Within 14 Days ==========

[2010/01/20 17:44:02 | 54,376,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/20 16:53:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 16:53:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 16:51:49 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\prvlcl.dat
[2010/01/20 16:45:34 | 04,980,736 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2010/01/20 16:45:34 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010/01/20 09:03:01 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/20 01:17:44 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 21:49:00 | 36,670,8736 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Chuck.S03E04.HDTV.XviD-LOL.avi
[2010/01/19 20:23:40 | 36,675,5840 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Heroes.S04E16.HDTV.XviD-LOL.avi
[2010/01/19 18:34:20 | 18,267,3412 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\The.Big.Bang.Theory.S03E13.HDTV.XviD-2HD.avi
[2010/01/19 01:39:47 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/18 19:58:31 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2010/01/18 19:55:48 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe
[2010/01/18 18:18:06 | 00,469,046 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\processes.bmp
[2010/01/16 21:29:22 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/16 03:27:39 | 04,800,063 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\03 Sugar Magnolia.mp3
[2010/01/12 16:44:39 | 03,265,482 | ---- | M] (Oxelon ) -- C:\Documents and Settings\Joe\Desktop\oxelonmedia.exe
[2010/01/10 18:49:37 | 36,715,1886 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Glee.S01E13.Sectionals.HDTV.XviD-FQM.[VTV].avi
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/20 01:17:47 | 18,267,3412 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\The.Big.Bang.Theory.S03E13.HDTV.XviD-2HD.avi
[2010/01/20 01:17:25 | 36,675,5840 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Heroes.S04E16.HDTV.XviD-LOL.avi
[2010/01/20 01:16:58 | 36,670,8736 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Chuck.S03E04.HDTV.XviD-LOL.avi
[2010/01/19 01:40:26 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\gmer.exe
[2010/01/19 01:39:47 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/18 18:18:05 | 00,469,046 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\processes.bmp
[2010/01/18 06:02:38 | 36,715,1886 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Glee.S01E13.Sectionals.HDTV.XviD-FQM.[VTV].avi
[2010/01/16 03:26:24 | 04,800,063 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\03 Sugar Magnolia.mp3
[2009/12/16 01:22:05 | 00,214,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/29 02:53:24 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
[2009/11/17 17:54:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\prvlcl.dat
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/20 22:02:46 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/20 22:02:46 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/20 22:02:44 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/20 22:02:44 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/20 22:02:43 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/20 22:02:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/01 15:09:12 | 00,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/07/20 01:02:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2009/07/20 00:55:22 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009/07/20 00:50:09 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009/07/20 00:47:16 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/07/20 00:46:53 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/05 08:49:42 | 00,040,173 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\FASTWiz.log
[2008/10/15 18:16:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/15 18:10:32 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/01 14:08:36 | 00,000,838 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/06/11 11:23:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/04/30 03:55:34 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2008/04/15 16:27:08 | 00,000,656 | ---- | C] () -- C:\WINDOWS\rally.ini
[2008/03/13 02:29:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/02 01:58:03 | 00,005,632 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/01 18:28:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/01 03:11:16 | 00,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/03/01 03:07:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2008/02/29 18:28:04 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2009/11/14 14:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/04/30 03:55:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/30 05:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/22 15:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/10/26 22:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/08/01 15:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2009/06/03 12:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/12/19 22:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/01 00:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Titanium
[2009/08/01 15:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\BITS
[2008/11/23 01:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\BraCa_Soft
[2008/08/11 04:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\DAEMON Tools
[2009/08/01 15:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\FlashGetBHO
[2009/08/01 15:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\FlashgetSetup
[2009/11/17 18:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\GetRightToGo
[2008/02/29 20:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Grisoft
[2009/08/01 00:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Leadertech
[2009/07/20 00:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\MAGIX
[2009/12/30 05:31:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Microgaming
[2009/08/01 15:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\MxBoost
[2008/03/01 17:30:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Outertech
[2010/01/12 17:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\OxelonMC
[2008/11/24 01:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Samsung
[2009/11/14 14:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Shareaza
[2008/11/24 02:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Smart PC Solutions
[2008/11/16 18:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Sports Interactive
[2009/07/09 03:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Teleca
[2010/01/20 16:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\uTorrent
[2008/08/02 02:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\WebCompiler3

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/09/26 13:24:54 | 00,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/09/02 07:24:38 | 00,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2004/05/18 13:55:26 | 00,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Joe\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
< End of report >
------------------------------------------------------------------------

Thanks in advance guys.

Edited by Pazma, 20 January 2010 - 12:43 PM.
