Hello,
For some reason i can't run GMER becuase any time i try the computer crashes half way though and it gave me a blue screen once?
The other 2 programs I didn't have any problems
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4219
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
21/06/2010 11:01:25
mbam-log-2010-06-21 (11-01-25).txt
Scan type: Quick scan
Objects scanned: 141011
Time elapsed: 9 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{2e3ae7e7-a9a8-0400-b628-049ac6a8a189} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\svchost\svchost (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\0019.DLL (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\ewequlro.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\hnyoi.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\USER\AppData\Local\Temp\Low\0.7071191449579648.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\USER\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\WORK.DAT (Malware.Trace) -> Quarantined and deleted successfully.
OTL logfile created on: 21/06/2010 12:07:40 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Malware Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.62 Gb Total Space | 70.66 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive D: | 11.27 Gb Total Space | 5.89 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/06/21 12:02:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Malware Removal\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 14:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3\3Connect\BecHelperService.exe
PRC - [2009/11/13 04:28:58 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/16 02:51:16 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/10/23 00:45:38 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2008/10/22 13:25:30 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/04/23 15:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/02/09 13:03:12 | 001,257,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2006/07/29 12:07:57 | 000,188,416 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
========== Modules (SafeList) ========== MOD - [2010/06/21 12:02:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Malware Removal\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
========== Win32 Services (SafeList) ========== SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/24 17:17:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/22 13:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ========== DRV - [2010/01/28 13:34:32 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/12/25 13:30:07 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/12/25 13:30:07 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/01/19 06:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/23 18:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/13 14:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/13 14:32:38 | 001,746,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/02/09 14:54:40 | 000,213,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007/01/19 04:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/08 16:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 16:54:02 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/11/08 16:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/29 12:11:23 | 000,030,601 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://uk.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 A8 62 C1 E9 43 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/28 14:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 19:49:43 | 000,000,000 | ---D | M]
[2009/04/28 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Mozilla\Extensions
[2010/06/08 05:40:59 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\dkb6sgjv.default\extensions
[2009/11/16 14:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\dkb6sgjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/16 14:04:07 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\dkb6sgjv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/06/08 05:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 19:49:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/05/31 19:49:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/17 15:45:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/17 15:45:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/17 15:45:13 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/17 15:45:13 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&AEVITA Save Flash) - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R265 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; GTB6.5; Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\Program Files\AEVITA Save Flash\saveflash.dll ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83}
http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E}
http://imikimi.com/d...lugin_0.5.1.cab (Imikimi_activex_plugin Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{02b0ecea-57f7-11de-affd-001a4d254a01}\Shell - "" = AutoRun
O33 - MountPoints2\{02b0ecea-57f7-11de-affd-001a4d254a01}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ae2a094c-479d-11df-af9e-d2d64a4c1cc7}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2a094c-479d-11df-af9e-d2d64a4c1cc7}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae2a0979-479d-11df-af9e-ab3e448817b5}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2a0979-479d-11df-af9e-ab3e448817b5}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae2a0a75-479d-11df-af9e-d88cbbeac206}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2a0a75-479d-11df-af9e-d88cbbeac206}\Shell\AutoRun\command - "" = L:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae2a0b26-479d-11df-af9e-ecaec62c6008}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2a0b26-479d-11df-af9e-ecaec62c6008}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae2a0b28-479d-11df-af9e-ecaec62c6008}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2a0b28-479d-11df-af9e-ecaec62c6008}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2009/09/19 01:15:48 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ========== [2010/06/21 10:50:52 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
[2010/06/21 10:50:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/21 10:50:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/21 10:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 10:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 10:19:10 | 000,000,000 | ---D | C] -- C:\Malware Removal
[2010/06/17 11:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/06/12 02:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\svchost
[2010/06/10 20:01:52 | 000,000,000 | ---D | C] -- C:\unzipped
[2010/06/07 01:18:30 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\becki ebay june 10
[2010/06/06 20:32:35 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Doctor Who
[2010/06/06 20:30:46 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Doctor Who
[2010/06/06 20:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Doctor Who - The Adventure Games
[2010/05/31 19:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/31 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/28 14:50:37 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Apple Computer
[2010/05/28 14:50:36 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Apple Computer
[2010/05/28 14:48:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/28 14:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/28 14:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/28 14:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/28 14:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/28 14:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/28 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Apple
[2010/05/28 14:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/28 14:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/28 14:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/13 13:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/02 11:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Freecom Backup Software
[2010/05/02 11:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Freecom Personal Media Suite
[2010/05/02 11:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Freecom DataTank
[2010/04/29 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\My Chat Logs
[2010/04/27 19:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Paul hijack
[2010/04/27 17:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/04/27 17:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/15 03:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/04/14 09:50:58 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010/04/14 09:50:58 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010/04/14 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Birdstep Technology
[2010/04/14 09:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2010/04/14 09:18:01 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010/04/14 09:18:01 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010/04/14 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2010/04/14 09:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\3
[2010/04/12 02:27:06 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\MixedInKey
[2010/04/12 00:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mixed In Key
[2010/04/07 17:24:17 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/04/07 17:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Domain Samurai
[2010/04/03 00:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2010/04/01 17:15:41 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Brannons p
[2010/03/31 07:00:46 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/29 21:30:00 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Mamps
[2010/03/24 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/03/24 16:43:15 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Download Manager
========== Files - Modified Within 90 Days ========== [2010/06/21 12:09:02 | 005,767,168 | -H-- | M] () -- C:\Users\USER\ntuser.dat
[2010/06/21 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 11:21:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/21 11:21:58 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/21 11:21:58 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/21 11:14:52 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 11:14:51 | 000,004,288 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 11:14:51 | 000,004,288 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/21 11:14:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/21 11:14:39 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/06/21 11:14:33 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/21 11:14:29 | 223,606,624 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/21 11:02:41 | 000,524,288 | -HS- | M] () -- C:\Users\USER\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 11:02:41 | 000,065,536 | -HS- | M] () -- C:\Users\USER\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/21 11:02:40 | 006,291,456 | -H-- | M] () -- C:\Users\USER\AppData\Local\IconCache.db
[2010/06/21 10:22:29 | 001,812,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/21 09:50:55 | 000,117,432 | ---- | M] () -- C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/20 22:51:59 | 000,000,191 | ---- | M] () -- C:\Users\USER\Desktop\Cbeebies.url
[2010/06/20 20:54:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2865BEB-DC81-4AE1-B555-35B263B0B2D6}.job
[2010/06/19 22:38:12 | 000,028,935 | ---- | M] () -- C:\Users\USER\Desktop\_41578772_football_416.jpg
[2010/06/19 22:28:07 | 000,055,444 | ---- | M] () -- C:\Users\USER\Desktop\forest_open_day_04_470x353.jpg
[2010/06/19 22:09:53 | 000,012,970 | ---- | M] () -- C:\Users\USER\Desktop\Camoranesi.jpg
[2010/06/19 21:59:19 | 000,094,921 | ---- | M] () -- C:\Users\USER\Desktop\asif.jpg
[2010/06/19 18:11:06 | 000,065,848 | ---- | M] () -- C:\Installer.jpg
[2010/06/17 11:29:11 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/06/16 17:23:09 | 000,192,080 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010/06/16 12:02:18 | 001,886,212 | ---- | M] () -- C:\Users\USER\Documents\take3.mpeg
[2010/06/16 12:01:41 | 001,886,212 | ---- | M] () -- C:\Users\USER\Documents\take2.mpeg
[2010/06/16 12:01:04 | 001,886,212 | ---- | M] () -- C:\Users\USER\Documents\take1.mpeg
[2010/06/15 12:38:30 | 000,061,440 | ---- | M] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 12:35:30 | 003,874,816 | ---- | M] () -- C:\Users\USER\Documents\03.mpeg
[2010/06/15 12:34:53 | 003,874,816 | ---- | M] () -- C:\Users\USER\Documents\02.mpeg
[2010/06/15 08:36:47 | 000,035,328 | ---- | M] () -- C:\Users\USER\Documents\logo.doc
[2010/06/14 18:17:38 | 000,049,152 | ---- | M] () -- C:\Users\USER\Desktop\Samanthas.zdl
[2010/06/11 22:10:50 | 000,000,168 | ---- | M] () -- C:\Users\USER\Desktop\Roblox.url
[2010/06/11 03:08:28 | 000,000,297 | ---- | M] () -- C:\Windows\win.ini
[2010/06/09 14:37:12 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/08 17:36:50 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/08 17:36:50 | 000,022,328 | ---- | M] () -- C:\Users\USER\AppData\Roaming\PnkBstrK.sys
[2010/06/08 17:36:25 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010/06/06 20:29:39 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\Play Doctor Who - The Adventure Games.lnk
[2010/06/03 21:13:06 | 000,589,392 | ---- | M] () -- C:\Users\USER\Documents\FAMAS Gaming™ Advanced3.jpg
[2010/05/30 17:44:55 | 000,077,312 | ---- | M] () -- C:\Users\USER\Desktop\Doc4.doc
[2010/05/29 18:44:24 | 000,504,320 | ---- | M] () -- C:\Users\USER\Documents\LOGO sHe London.doc
[2010/05/29 18:41:33 | 000,504,320 | ---- | M] () -- C:\Users\USER\Desktop\LOGO sHe London.doc
[2010/05/28 14:50:26 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 14:46:03 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/25 19:56:43 | 000,000,949 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/05/23 05:11:51 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/05/18 10:21:51 | 003,883,008 | ---- | M] () -- C:\Users\USER\Documents\01.mpeg
[2010/05/15 10:11:16 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/14 20:29:07 | 000,000,205 | ---- | M] () -- C:\Users\USER\Desktop\Cartoon Network Free Online Games, Downloads, Competitions & Videos for Kids.url
[2010/05/14 11:26:46 | 000,110,592 | ---- | M] () -- C:\Users\USER\Desktop\Quotation 10002 Sarah Pang.doc
[2010/05/13 13:39:06 | 000,001,946 | ---- | M] () -- C:\Users\USER\Desktop\HiJackThis.lnk
[2010/05/12 11:56:42 | 000,706,650 | ---- | M] () -- C:\Users\USER\Desktop\Dudes n Divas - bag logo4.eps
[2010/05/10 09:37:22 | 002,485,709 | ---- | M] () -- C:\Users\USER\Documents\bp_004.wmv
[2010/05/10 09:36:18 | 002,461,703 | ---- | M] () -- C:\Users\USER\Documents\bp_002.wmv
[2010/05/08 11:54:41 | 000,001,105 | ---- | M] () -- C:\Users\USER\Desktop\Play Roblox (2).lnk
[2010/05/01 11:47:38 | 001,174,765 | ---- | M] () -- C:\Users\USER\Documents\dannys page.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 10:37:22 | 004,032,052 | ---- | M] () -- C:\Users\USER\Documents\Emma Bunton - What I Am [Instrumental].mp3
[2010/04/20 16:03:41 | 000,159,232 | ---- | M] () -- C:\Users\USER\Desktop\22954.doc
[2010/04/14 10:50:59 | 000,077,762 | ---- | M] () -- C:\Users\USER\Desktop\380x600x840 (6A).pdf
[2010/04/14 09:51:48 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2010/04/14 09:51:48 | 000,001,698 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/04/14 09:50:46 | 000,071,259 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/04/14 09:18:52 | 000,000,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
[2010/04/12 12:43:33 | 000,337,134 | ---- | M] () -- C:\Users\USER\Desktop\SHIMAII LOGO_FINAL_ PINK INFILL.jpg
[2010/04/12 00:59:38 | 000,121,853 | ---- | M] () -- C:\Users\USER\Desktop\camelotHarmonicMixing.jpg
[2010/04/12 00:38:46 | 000,000,931 | ---- | M] () -- C:\Users\USER\Desktop\Mixed In Key.lnk
[2010/04/08 19:35:19 | 000,261,120 | ---- | M] () -- C:\Users\USER\Documents\carrier bags.dsam
[2010/04/07 17:24:09 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Domain Samurai.lnk
[2010/04/07 17:22:09 | 002,081,915 | ---- | M] () -- C:\Users\USER\Documents\DomainSamurai.0.1.34.air
[2010/04/06 19:01:51 | 000,033,280 | ---- | M] () -- C:\Users\USER\Documents\dmoz application.doc
[2010/04/02 12:19:56 | 001,384,448 | ---- | M] () -- C:\Users\USER\Documents\Mailing Bags Trade Price Lists New.xls
[2010/04/02 00:10:29 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010/04/01 06:25:08 | 000,052,670 | ---- | M] () -- C:\Users\USER\Documents\Brannon's Optimumz Opposite Fix No M16 Beast!.psd
[2010/04/01 02:56:04 | 000,128,066 | ---- | M] () -- C:\Users\USER\Desktop\Brannon's Optimumz Xbox 360 Theme Don't EDIT DELETE.pdf
[2010/03/31 10:27:43 | 000,001,600 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/03/31 07:00:46 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010/03/27 12:44:21 | 000,001,105 | ---- | M] () -- C:\Users\USER\Desktop\Play Roblox.lnk
[2010/03/24 23:09:20 | 001,365,886 | ---- | M] () -- C:\Users\USER\Documents\deck chair design.psd
[2010/03/24 17:40:34 | 000,176,266 | ---- | M] () -- C:\Users\USER\Documents\pantone_colour_chart.pdf
[2010/03/24 17:21:29 | 000,030,473 | ---- | M] () -- C:\Users\USER\Desktop\stripe.jpg
[2010/03/24 17:17:16 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/03/24 17:02:36 | 1139,864,748 | ---- | M] () -- C:\Users\USER\Documents\PhotoshopElements_8_MUL.7z
========== Files Created - No Company Name ========== [2010/06/21 11:08:46 | 000,293,376 | ---- | C] () -- C:\Users\USER\Desktop\gmer.exe
[2010/06/19 22:38:20 | 000,028,935 | ---- | C] () -- C:\Users\USER\Desktop\_41578772_football_416.jpg
[2010/06/19 22:28:18 | 000,055,444 | ---- | C] () -- C:\Users\USER\Desktop\forest_open_day_04_470x353.jpg
[2010/06/19 22:10:02 | 000,012,970 | ---- | C] () -- C:\Users\USER\Desktop\Camoranesi.jpg
[2010/06/19 21:59:19 | 000,094,921 | ---- | C] () -- C:\Users\USER\Desktop\asif.jpg
[2010/06/17 11:29:11 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/06/16 12:02:07 | 001,886,212 | ---- | C] () -- C:\Users\USER\Documents\take3.mpeg
[2010/06/16 12:01:32 | 001,886,212 | ---- | C] () -- C:\Users\USER\Documents\take2.mpeg
[2010/06/16 12:00:56 | 001,886,212 | ---- | C] () -- C:\Users\USER\Documents\take1.mpeg
[2010/06/15 12:35:23 | 003,874,816 | ---- | C] () -- C:\Users\USER\Documents\03.mpeg
[2010/06/15 12:34:45 | 003,874,816 | ---- | C] () -- C:\Users\USER\Documents\02.mpeg
[2010/06/15 08:36:47 | 000,035,328 | ---- | C] () -- C:\Users\USER\Documents\logo.doc
[2010/06/14 18:17:38 | 000,049,152 | ---- | C] () -- C:\Users\USER\Desktop\Samanthas.zdl
[2010/06/12 02:51:06 | 000,065,848 | ---- | C] () -- C:\Installer.jpg
[2010/06/06 20:29:39 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Play Doctor Who - The Adventure Games.lnk
[2010/06/03 21:13:04 | 000,589,392 | ---- | C] () -- C:\Users\USER\Documents\FAMAS Gaming™ Advanced3.jpg
[2010/05/30 17:44:55 | 000,077,312 | ---- | C] () -- C:\Users\USER\Desktop\Doc4.doc
[2010/05/29 18:44:24 | 000,504,320 | ---- | C] () -- C:\Users\USER\Documents\LOGO sHe London.doc
[2010/05/29 18:41:33 | 000,504,320 | ---- | C] () -- C:\Users\USER\Desktop\LOGO sHe London.doc
[2010/05/28 14:50:26 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/28 14:46:03 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/05/18 10:21:46 | 003,883,008 | ---- | C] () -- C:\Users\USER\Documents\01.mpeg
[2010/05/15 10:11:16 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/14 11:26:46 | 000,110,592 | ---- | C] () -- C:\Users\USER\Desktop\Quotation 10002 Sarah Pang.doc
[2010/05/12 20:40:08 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/05/12 20:40:07 | 000,022,328 | ---- | C] () -- C:\Users\USER\AppData\Roaming\PnkBstrK.sys
[2010/05/12 20:39:51 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/05/12 20:39:48 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/05/12 20:39:46 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/05/12 11:56:41 | 000,706,650 | ---- | C] () -- C:\Users\USER\Desktop\Dudes n Divas - bag logo4.eps
[2010/05/10 09:37:18 | 002,485,709 | ---- | C] () -- C:\Users\USER\Documents\bp_004.wmv
[2010/05/10 09:36:14 | 002,461,703 | ---- | C] () -- C:\Users\USER\Documents\bp_002.wmv
[2010/05/08 11:54:41 | 000,001,105 | ---- | C] () -- C:\Users\USER\Desktop\Play Roblox (2).lnk
[2010/05/08 11:53:51 | 000,000,205 | ---- | C] () -- C:\Users\USER\Desktop\Cartoon Network Free Online Games, Downloads, Competitions & Videos for Kids.url
[2010/05/02 13:34:40 | 223,606,624 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/01 11:47:33 | 001,174,765 | ---- | C] () -- C:\Users\USER\Documents\dannys page.jpg
[2010/04/21 10:37:20 | 004,032,052 | ---- | C] () -- C:\Users\USER\Documents\Emma Bunton - What I Am [Instrumental].mp3
[2010/04/20 16:03:40 | 000,159,232 | ---- | C] () -- C:\Users\USER\Desktop\22954.doc
[2010/04/14 10:50:59 | 000,077,762 | ---- | C] () -- C:\Users\USER\Desktop\380x600x840 (6A).pdf
[2010/04/14 09:18:53 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2010/04/14 09:18:53 | 000,001,698 | ---- | C] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2010/04/14 09:18:52 | 000,000,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
[2010/04/14 09:16:22 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2010/04/12 12:43:33 | 000,337,134 | ---- | C] () -- C:\Users\USER\Desktop\SHIMAII LOGO_FINAL_ PINK INFILL.jpg
[2010/04/12 02:28:31 | 000,121,853 | ---- | C] () -- C:\Users\USER\Desktop\camelotHarmonicMixing.jpg
[2010/04/12 00:38:46 | 000,000,931 | ---- | C] () -- C:\Users\USER\Desktop\Mixed In Key.lnk
[2010/04/07 17:25:25 | 000,261,120 | ---- | C] () -- C:\Users\USER\Documents\carrier bags.dsam
[2010/04/07 17:24:09 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Domain Samurai.lnk
[2010/04/07 17:22:31 | 002,081,915 | ---- | C] () -- C:\Users\USER\Documents\DomainSamurai.0.1.34.air
[2010/04/02 12:19:54 | 001,384,448 | ---- | C] () -- C:\Users\USER\Documents\Mailing Bags Trade Price Lists New.xls
[2010/04/02 00:10:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/04/01 06:25:06 | 000,052,670 | ---- | C] () -- C:\Users\USER\Documents\Brannon's Optimumz Opposite Fix No M16 Beast!.psd
[2010/04/01 02:55:52 | 000,128,066 | ---- | C] () -- C:\Users\USER\Desktop\Brannon's Optimumz Xbox 360 Theme Don't EDIT DELETE.pdf
[2010/03/31 10:27:43 | 000,001,600 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/03/27 12:44:21 | 000,001,105 | ---- | C] () -- C:\Users\USER\Desktop\Play Roblox.lnk
[2010/03/24 23:09:19 | 001,365,886 | ---- | C] () -- C:\Users\USER\Documents\deck chair design.psd
[2010/03/24 17:40:34 | 000,176,266 | ---- | C] () -- C:\Users\USER\Documents\pantone_colour_chart.pdf
[2010/03/24 17:21:27 | 000,030,473 | ---- | C] () -- C:\Users\USER\Desktop\stripe.jpg
[2010/03/24 17:17:16 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/03/24 16:43:22 | 1139,864,748 | ---- | C] () -- C:\Users\USER\Documents\PhotoshopElements_8_MUL.7z
[2009/09/19 06:26:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/09 12:37:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/12 21:47:11 | 000,000,119 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/26 22:41:27 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009/02/06 23:25:14 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/08 14:16:13 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008/12/30 19:18:07 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/30 19:18:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/15 23:30:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ========== [2009/01/04 16:12:38 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.BitTornado
[2009/04/26 22:23:28 | 000,000,000 | -H-D | M] -- C:\Users\USER\AppData\Roaming\AEVITA
[2010/04/14 09:19:23 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Birdstep Technology
[2010/06/06 11:59:44 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\BitTorrent
[2009/01/21 11:45:08 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Canon
[2010/06/21 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DNA
[2010/06/06 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Doctor Who
[2010/04/07 17:24:17 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/09/10 17:28:15 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/05/21 00:49:44 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Opera
[2008/03/27 06:56:13 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SampleView
[2010/06/21 11:02:49 | 000,032,556 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/06/20 20:54:59 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2865BEB-DC81-4AE1-B555-35B263B0B2D6}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/06/08 03:00:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/21 11:14:33 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 18:11:06 | 000,065,848 | ---- | M] () -- C:\Installer.jpg
[2009/05/27 16:08:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/27 16:08:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/21 11:14:29 | 2459,783,168 | -HS- | M] () -- C:\pagefile.sys
[2010/04/14 09:48:44 | 000,003,875 | ---- | M] () -- C:\SoftUpdateLog.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav >[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\System32\ws2_32.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\USER\Documents\video.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\USER\Documents\superstunt_8uiarzrh.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\USER\Documents\Jim Bakkum Jessie.mp4:TOC.WMV
< End of report >
OTL Extras logfile created on: 21/06/2010 12:07:40 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Malware Removal
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.62 Gb Total Space | 70.66 Gb Free Space | 31.88% Space Free | Partition Type: NTFS
Drive D: | 11.27 Gb Total Space | 5.89 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9FC82F56-0D1B-44F8-92D8-8223A3C8B4EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0E83880-6F0C-4974-A366-B2D7DD184BB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2226186D-95DE-4233-9CC8-A44A64A4E7AC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7C900037-FE89-4504-B094-709ECE6CB90D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87CAADF7-23AE-4550-8D81-05FEE8B84C56}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9205137D-0BE9-462A-9396-AFBC4748381D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9C051607-FFB5-4F91-BD07-B08530AB1D8E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B3C3A185-911B-4D14-97B9-00CBE05BA77D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{B4EEE103-7914-4238-B748-5941DD6EFF46}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{BF149CEB-7B48-4F64-B987-093EB46632AF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2610F41-A658-482C-8E7C-BB23348B27A4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E37C449C-F5C3-4F0D-A46E-FCB4309503F7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E484D5C8-D1A7-457F-B896-5A85C5F274D5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EFD89E0D-A032-44EA-AAF3-8D816308E9C3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{EFDE61C3-0E77-45C2-8533-9774E4F47545}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0F40D9E-4AFA-4076-9A38-3394EB4A90B1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0468A611-CD5E-4A1B-9016-430ECF350453}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0CA7D7ED-5AAF-43B9-BF69-275638F745AD}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{113CA019-3270-4B31-B435-DE60DDBC1D6D}C:\users\user\downloads\keygen.arcsoft.totalmedia.extreme.1.0.9.4.45042.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\keygen.arcsoft.totalmedia.extreme.1.0.9.4.45042.exe |
"TCP Query User{1679F963-45B8-4DB4-9501-1558FB86E0B1}C:\users\user\documents\brannons p\call of duty4-razor1911+keygen and crack\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\user\documents\brannons p\call of duty4-razor1911+keygen and crack\setup\data\iw3mp.exe |
"TCP Query User{1A2919FC-5661-490A-BD93-351ABEFC763E}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{1D2BBE22-C802-45DC-85CD-EE91826E6C89}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{64F382E0-8297-4BD0-A9FF-68CD806FFC5F}C:\users\user\documents\brannons p\valve\hl.exe" = protocol=6 | dir=in | app=c:\users\user\documents\brannons p\valve\hl.exe |
"TCP Query User{7B8A88CE-32A3-4FDB-A5C2-02AF972DC004}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{A9384AF1-69DC-4FA0-9F64-8219CD4AC81E}C:\users\user\documents\brannons p\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\user\documents\brannons p\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{AE5BC1D3-7FB5-455D-8F1B-49B055CDD3E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B82ACB1D-5401-44BB-970F-F1F22C070915}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{B9E449F4-7B47-40AF-B0B3-D491826DBB1B}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{CC754753-2EFB-4660-B821-0DABC70480C2}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{07F3975A-3DA9-4BCF-9537-5BDAD14C6029}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{39D590D6-61AD-4494-97F7-C951561E5AEC}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{3E8AB2E4-1A15-4900-B154-D4C746AF1EF3}C:\users\user\documents\brannons p\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\user\documents\brannons p\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{44C6D79C-D583-4470-A694-C2B8FDD1C024}C:\users\user\downloads\keygen.arcsoft.totalmedia.extreme.1.0.9.4.45042.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\keygen.arcsoft.totalmedia.extreme.1.0.9.4.45042.exe |
"UDP Query User{72397FE8-1AAF-4F4D-81FF-EE5A33C099F0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{781774BB-4EEE-4363-B905-1B763A005E21}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{91E0C3A7-B60A-4227-AF2B-9CCE921C3AFB}C:\users\user\documents\brannons p\valve\hl.exe" = protocol=17 | dir=in | app=c:\users\user\documents\brannons p\valve\hl.exe |
"UDP Query User{BDDACA4B-AECD-412E-AE79-402E980BD3A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CADA2B09-9975-4A1B-B154-5ACB3500150F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D9C4C829-B8CF-426A-8A35-FD7D1D9DF4EC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E19D8EF2-502E-4330-B827-BB9FCE4A1525}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{EAB56AD8-581D-4490-9533-5D280BBC9F31}C:\users\user\documents\brannons p\call of duty4-razor1911+keygen and crack\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\user\documents\brannons p\call of duty4-razor1911+keygen and crack\setup\data\iw3mp.exe |
"UDP Query User{F8AF99B6-2477-449E-8919-DA6005A5037D}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B68672F-C64F-4D29-9EDC-ECDCBE3C5F19}" = ArcSoft TotalMedia Extreme
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45582BF6-F1AF-DFF1-4D8E-881B15EE3E78}" = Domain Samurai
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45BA6F47-ED29-4ACB-8F40-BBAD4D644EE5}" = AviDecode
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECB8220-F423-4BEB-9596-97033C533702}" = QuickBooks Premier: Accountant Edition 2008
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CF25C055-CB9F-FFDC-1FB6-3B790D3FE1ED}" = Market Samurai
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"{E629851A-1B1A-4671-961A-A9AF549E03A2}" = ArcSoft PhotoImpression 5
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Premium
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AEVITA Save Flash_is1" = AEVITA Save Flash version 1.5
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"chklogo" = File Signature Verification
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_207C14F1" = Soft Voice SoftRing Modem with SmartSP
"Disney Toontown Online" = Disney Toontown Online
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"EPSON Printer and Utilities" = EPSON Printer Software
"Fraps" = Fraps
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"gBurner" = gBurner
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = NETGEAR WG111v2 wireless USB 2.0 adapter
"Jewel Quest III" = Jewel Quest III (remove only)
"Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixed In Key" = Mixed In Key 2.5
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"SopCast" = SopCast 3.0.3
"uk-poker.co.uk" = uk-poker.co.uk
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Warcraft III" = Warcraft III
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for USER
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 13/06/2010 12:35:59 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/06/2010 12:40:05 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/06/2010 12:40:05 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/06/2010 14:01:37 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/06/2010 14:01:37 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/06/2010 17:40:25 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 13/06/2010 17:40:25 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 13/06/2010 17:40:25 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 13/06/2010 17:40:25 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
Error - 13/06/2010 17:40:25 | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)
[ System Events ]
Error - 17/06/2010 12:20:51 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 17/06/2010 18:56:26 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 19/06/2010 12:44:31 | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =
Error - 21/06/2010 02:43:06 | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =
Error - 21/06/2010 04:09:03 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 21/06/2010 06:14:40 | Computer Name = USER-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:12:44 on 21/06/2010 was unexpected.
Error - 21/06/2010 06:50:55 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 21/06/2010 06:56:10 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 21/06/2010 06:56:11 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
Error - 21/06/2010 06:56:13 | Computer Name = USER-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
< End of report >
This topic is locked
Sign In
Create Account
