MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4172
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/6/2010 10:57:50 AM
mbam-log-2010-06-06 (10-57-50).txt
Scan type: Quick scan
Objects scanned: 120273
Time elapsed: 8 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-06 11:15:35
Windows 5.1.2600 Service Pack 3
Running: 5x9s02e1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys
---- System - GMER 1.0.15 ----
SSDT spje.sys ZwEnumerateKey [0xF7768DA4]
SSDT spje.sys ZwEnumerateValueKey [0xF7769132]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8676C1F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
OTL:
OTL logfile created on: 6/6/2010 11:19:13 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,022.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.84 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 258.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 13.99 Gb Total Space | 13.91 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive G: | 372.61 Gb Total Space | 300.40 Gb Free Space | 80.62% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/06 10:52:06 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/06/06 00:36:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/06 00:36:54 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/06 00:36:50 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/06 00:36:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/06 00:36:15 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/06 00:35:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/20 14:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/16 18:56:52 | 001,682,944 | ---- | M] (Curse) -- C:\Documents and Settings\Owner\Local Settings\Apps\2.0\NGGA6TC8.Z9K\4TCC48GQ.ZLT\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
PRC - [2009/04/20 14:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/02/09 18:54:14 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2002/03/19 19:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
========== Modules (SafeList) ==========
MOD - [2010/06/06 10:52:06 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2009/04/20 14:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/06 00:35:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
========== Driver Services (SafeList) ==========
DRV - [2010/06/06 00:38:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/06 00:38:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/06 00:38:22 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/12/01 23:27:13 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/20 22:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/20 14:32:09 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/12/16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/03/29 13:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2007/03/26 17:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 17:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2005/11/24 21:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/02/23 23:21:22 | 000,611,441 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/12/12 01:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2009/12/09 15:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/12/09 15:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adam4adam.com ([www] https in Trusted sites)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...b?1271050188515 (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\Owner\LOCALS~1\Temp\501994453.dll) - C:\DOCUME~1\Owner\LOCALS~1\Temp\501994453.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper3.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/17 14:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/10 13:00:00 | 000,000,030 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4af30f43-d36e-11de-998b-806d6172696f}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007/08/10 13:00:00 | 000,923,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/17 14:36:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/06 11:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Logs
[2010/06/06 10:40:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/06 10:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/06 10:27:14 | 000,000,000 | ---D | C] -- C:\New Folder
[2010/06/06 09:58:35 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/06 09:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/06/06 01:15:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/06 00:38:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/06 00:38:37 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/06 00:38:22 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/06 00:38:19 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 00:38:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/06/06 00:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/06 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/06 00:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/05 21:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2010/06/05 21:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/05/25 14:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MorarChat
[2010/05/25 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\MorarChat
[2010/05/18 20:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/05/13 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\KodakGallery
[2010/05/13 16:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2010/05/13 16:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/13 16:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/13 16:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2010/05/13 16:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Print Creations
[2010/05/13 16:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ArcSoft
[2010/05/13 16:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2010/05/13 16:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/05/13 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/13 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/05/13 16:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/13 16:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/05/13 16:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/05/13 16:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/05/12 23:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Draup
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\TitanHealBot
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\SharedMediaAdditionalFonts
[2010/05/12 23:03:17 | 000,000,000 | ---D | C] -- C:\SharedMedia
[2010/04/14 00:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Archive
[2010/04/12 01:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/04/08 17:25:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/08 11:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/04/06 06:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2010/04/06 06:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/04/06 06:37:03 | 016,205,198 | ---- | C] (Mooii) -- C:\Documents and Settings\Owner\My Documents\PhotoScapeSetup_V3.4.exe
[2010/03/17 08:45:54 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2010/03/17 08:43:00 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/03/10 04:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
========== Files - Modified Within 90 Days ==========
[2010/06/06 11:17:51 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/06 10:53:33 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe.lnk
[2010/06/06 10:32:59 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/06 10:32:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 10:32:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 10:31:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/06 10:31:10 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/06 10:26:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/06 10:25:57 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/06/06 10:22:29 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/06 10:17:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/06 10:09:53 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/06 10:09:53 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/06 10:09:53 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/06 10:02:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\5x9s02e1.exe
[2010/06/06 09:58:19 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/06 09:49:02 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2010/06/06 09:23:55 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003UA.job
[2010/06/06 00:38:46 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/06 00:38:45 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/06 00:38:41 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/06 00:38:23 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/06 00:38:22 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/06 00:38:19 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 00:38:18 | 060,732,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 21:33:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 21:24:40 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/05 21:24:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 21:24:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/05 21:23:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003Core.job
[2010/06/05 21:22:32 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/05/27 18:28:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/25 13:11:14 | 000,029,696 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/18 23:02:04 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\John.html.doc
[2010/05/16 12:39:45 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/05/13 17:03:14 | 000,005,120 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/13 16:40:28 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/05/13 00:52:42 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AddOns.lnk
[2010/05/10 10:30:21 | 000,010,553 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Good Morning Sunshine.docx
[2010/05/02 20:05:17 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 06:44:47 | 000,092,160 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2010/04/06 06:38:29 | 000,065,368 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/06 06:38:18 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2010/04/06 06:37:02 | 016,205,198 | ---- | M] (Mooii) -- C:\Documents and Settings\Owner\My Documents\PhotoScapeSetup_V3.4.exe
========== Files Created - No Company Name ==========
[2010/06/06 10:53:33 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.exe.lnk
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/06 10:17:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/06/06 10:02:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\5x9s02e1.exe
[2010/06/06 09:49:02 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2010/06/06 00:38:46 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/06 00:38:18 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/06/06 00:38:09 | 060,732,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 21:22:32 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2010/06/05 21:18:18 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003UA.job
[2010/06/05 21:18:18 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1364589140-1644491937-1003Core.job
[2010/06/05 16:02:01 | 000,011,863 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\john email.docx
[2010/05/18 22:39:39 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\John.html.doc
[2010/05/16 12:39:45 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/05/13 16:59:50 | 000,029,696 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/13 16:59:50 | 000,005,120 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/13 16:40:28 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/05/13 16:37:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/05/13 00:52:42 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AddOns.lnk
[2010/05/10 10:30:21 | 000,010,553 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Good Morning Sunshine.docx
[2010/04/06 06:38:46 | 000,092,160 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\photothumb.db
[2010/04/06 06:38:18 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PhotoScape.lnk
[2010/02/28 13:02:17 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/12/06 00:26:47 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/12/06 00:26:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/01 23:27:13 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/17 07:42:55 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009/04/20 14:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
========== LOP Check ==========
[2010/02/27 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/06 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/06 01:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/01 23:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/12/06 00:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/02/28 03:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/01 23:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/04/12 01:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2009/11/17 14:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/05/25 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MorarChat
[2009/12/17 23:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3 Uprising
[2010/05/13 16:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/12/06 00:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/05/22 17:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/05/27 18:28:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/11/17 14:37:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/05 21:24:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/11/17 14:37:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/06 10:32:16 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 14:37:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/17 14:37:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/06 10:32:14 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/11/17 07:41:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/11/17 07:41:50 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/11/17 07:41:50 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2009/04/20 14:19:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3DE22354C3609B3C3E5DC2C19C5E0693 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 08:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
Don't know if this is relevant, but I got the Blue Screen of Death RIGHT after I posted this topic. Here is the error code when I restarted:
BCCode : f4 BCP1 : 00000003 BCP2 : 86163DA0 BCP3 : 86163F14
BCP4 : 805FB186 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
Edited by ldtate, 06 June 2010 - 09:41 AM.