d-xdiag10bc.exe infected (DONE)


#1 Chrisgal (New Member)

It seems like this may be new. The CPU is running at 100% all the time. Loads of hard disk space. I have not been able to find much info on it except this.

http://www.prevx.com...AG10BC.EXE.html


Please help me remove the above, or I will need to format the HD.

Edited by RKinner, 01 July 2010 - 01:58 PM.

#2 RKinner (Malware Expert, MVP)

Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron

#3 Chrisgal (Topic Starter)

Thanks for the quick response - will need to do this when I get home tonight.

#4 Chrisgal (Topic Starter)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/06/2010 20:24:28
mbam-log-2010-06-28 (20-24-28).txt

Scan type: Quick scan
Objects scanned: 152546
Time elapsed: 20 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Extras logfile created on: 28/06/2010 19:41:29 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = H:\Geeks to Go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 13.75 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive D: | 9.53 Gb Total Space | 6.42 Gb Free Space | 67.41% Space Free | Partition Type: FAT32
Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.29 Gb Total Space | 6.48 Gb Free Space | 88.96% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-6847EFA79
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Documents and Settings\Chris\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Chris\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- File not found
"C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Program Files\Zattoo\Zattoo2.exe" = C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Documents and Settings\Chris\My Documents\Downloads\MYP2P EPL MEDIA PLAYER v1.1\No Install exe\MYP2P EPL MEDIA PLAYER v1.1.exe" = C:\Documents and Settings\Chris\My Documents\Downloads\MYP2P EPL MEDIA PLAYER v1.1\No Install exe\MYP2P EPL MEDIA PLAYER v1.1.exe:*:Enabled:MYP2P EPL MEDIA PLAYER v1.1 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Destiny\RadioDestiny Broadcaster\RadioDestiny Broadcaster.exe" = C:\Program Files\Destiny\RadioDestiny Broadcaster\RadioDestiny Broadcaster.exe:*:Enabled:RadioDestiny Broadcaster -- File not found
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe" = C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{20140000-000F-0000-0000-0000000FF1CE}" = Microsoft Office Mondo 2010 (Beta)
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0102-0409-0000-0000000FF1CE}" = Microsoft Office MondoOnly MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6BC921-9E30-4F5A-A742-56A695887BC7}" = Xara Xtreme Pro
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD2E3551-29BB-4FC6-B775-A3330955F7B6}" = Searchme Toolbar
"{FD5CA042-8ABC-47F0-9CFA-163C41DECF72}" = Readon TV Movie Radio Player 6.0.0.0
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"AAA Logo 2009 Business_is1" = AAA Logo 2009 Business Edition 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced Disk Catalog" = Advanced Disk Catalog
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"Font Viewer_is1" = Font Viewer 2.0
"FontTwister" = FontTwister 1.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmfsetup_is1" = MixMeister Fusion 7.3.5
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.MONDO" = Microsoft Office Mondo 2010
"Power CD+G Filter_is1" = Power CD+G Filter
"Sage Line 50 6.0" = Sage Line 50 6.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SopCast" = SopCast 3.0.3
"ST6UNST #1" = MYP2P EPL MEDIA PLAYER v1.1
"The_Streaming_Lounge Toolbar" = The_Streaming_Lounge Toolbar
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.16
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/06/2010 13:16:28 | Computer Name = CHRIS-6847EFA79 | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 26/06/2010 11:48:46 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/06/2010 14:55:55 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application Adc.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/06/2010 14:58:39 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application Adc.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/06/2010 15:02:28 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application Adc.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/06/2010 16:06:07 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/06/2010 05:04:34 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application Adc.exe, version 1.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27/06/2010 06:23:51 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/06/2010 06:00:36 | Computer Name = CHRIS-6847EFA79 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 d-xdiag10bc.exe, P2 1.2.1.0, P3 4c24d5c6, P4
system, P5 2.0.0.0, P6 4ba85929, P7 290b, P8 e3, P9 system.io.ioexception, P10
NIL.

Error - 28/06/2010 10:04:20 | Computer Name = CHRIS-6847EFA79 | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 9.0.0.825, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 28/06/2010 12:42:58 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 28/06/2010 12:42:58 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 28/06/2010 12:42:58 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 28/06/2010 12:42:58 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 28/06/2010 12:42:58 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 28/06/2010 12:43:00 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 28/06/2010 12:43:01 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 28/06/2010 12:43:01 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 28/06/2010 12:43:04 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 28/06/2010 12:49:06 | Computer Name = CHRIS-6847EFA79 | Source = Service Control Manager | ID = 7000
Description = The Realtek EAPPkt Protocol service failed to start due to the following
error: %%2


< End of report >



OTL logfile created on: 28/06/2010 19:41:29 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = H:\Geeks to Go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 13.75 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive D: | 9.53 Gb Total Space | 6.42 Gb Free Space | 67.41% Space Free | Partition Type: FAT32
Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.29 Gb Total Space | 6.48 Gb Free Space | 88.96% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-6847EFA79
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/28 07:21:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\Geeks to Go\OTL.exe
PRC - [2010/06/25 18:14:00 | 000,218,624 | ---- | M] (Microsoft) -- C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe
PRC - [2010/06/10 12:55:19 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/10 12:55:09 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/06/03 09:41:29 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/03 09:41:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/03 09:41:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/03 09:41:25 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/03 09:41:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/04 00:48:51 | 000,015,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2010/03/15 10:18:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/15 10:17:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/27 17:46:21 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/08/21 15:49:54 | 000,428,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/08/21 15:49:54 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/17 18:53:32 | 000,661,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/21 16:43:57 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/09/14 14:47:44 | 000,167,936 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/03/08 04:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 07:21:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\Geeks to Go\OTL.exe
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 12:55:19 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 10:18:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/15 10:17:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/14 19:18:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/21 15:47:14 | 030,510,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/21 15:36:08 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)


========== Driver Services (SafeList) ==========

DRV - [2010/06/10 12:55:10 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/03 09:41:28 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/03 09:41:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/04 08:58:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/15 10:17:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/15 12:35:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/17 01:04:50 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/01/29 20:15:26 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/01/25 17:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/01/08 12:41:32 | 000,003,078 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\EAPPkt.inf -- (EAPPkt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 B3 51 4A D6 36 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/04/02 17:36:16 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (The Streaming Lounge Toolbar) - {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Streaming Lounge Toolbar) - {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (The Streaming Lounge Toolbar) - {84AB7B40-6AA5-4009-B1A3-5883080F0C9E} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [d-x10bc] C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe (Microsoft)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Samsung Master [2009/08/28 23:01:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: the-streaming-lounge.co.uk ([www] http in Local intranet)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1218957462859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1228857100046 (MUWebControl Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.obe...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://59.60.191.66/spvod.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/28 12:58:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/03 13:21:48 | 000,244,004 | ---- | M] () - H:\Automatic door.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/09 08:49:20 | 000,041,640 | ---- | M] () - H:\Autonedt2.PDF -- [ FAT32 ]
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\AutoRun\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\open\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/17 07:28:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 17:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/28 17:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/26 15:45:35 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Chris\Application Data\dx10bac
[2010/06/21 18:07:49 | 000,000,000 | ---D | C] -- C:\A Northern Soul
[2010/06/06 09:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/06 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/06 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\Adobe CS5
[2010/05/31 11:27:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\My Documents\My Shapes
[2010/05/29 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2008
[2010/05/29 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2005
[2010/05/29 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/29 19:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/29 19:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/29 19:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/05/29 19:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/29 19:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/29 19:25:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/29 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/29 19:22:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/29 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\WinRAR
[2010/05/23 17:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Makayama Interactive
[2010/05/15 19:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple_Inc
[2010/05/15 08:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/13 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\FontTwister
[2010/05/12 17:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/03 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/03 18:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/03 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Temp
[2010/05/01 11:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/26 23:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/24 18:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2010/04/24 18:49:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/24 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 18:49:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 18:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/24 18:47:48 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\mbam-setup-1.45.exe
[2010/04/21 09:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2010/04/05 17:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 13:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 1
[2010/04/05 13:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 3
[2010/04/05 13:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 2
[2010/04/04 09:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\OneNote Notebooks
[2010/04/04 09:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft Help
[2010/04/04 09:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/04 08:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2010/04/04 08:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2010/04/04 08:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

========== Files - Modified Within 90 Days ==========

[2010/06/28 19:17:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 19:01:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/28 17:52:16 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 17:48:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/28 17:48:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/28 17:47:35 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/06/28 17:47:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/06/28 17:45:17 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\NTREGOPT.lnk
[2010/06/28 17:45:17 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\ERUNT.lnk
[2010/06/28 16:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/28 05:37:56 | 061,441,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/28 02:00:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
[2010/06/26 15:45:38 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\nt.bat
[2010/06/26 15:16:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 12:19:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:04:27 | 000,492,912 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:04:27 | 000,435,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:04:27 | 000,068,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 10:07:12 | 024,774,111 | ---- | M] () -- C:\Documents and Settings\Chris\chris.cat
[2010/06/12 00:15:48 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\DivX Movies.lnk
[2010/06/12 00:15:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/12 00:15:01 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/11 03:38:51 | 003,811,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:21:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 12:55:10 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/06/10 12:55:10 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/06/10 12:55:10 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/06/06 09:03:57 | 000,078,504 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/03 09:41:28 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 09:41:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/29 19:39:02 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/05/29 19:36:06 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/29 19:26:36 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 15:52:50 | 000,003,199 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/05/29 15:52:50 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2010/05/29 13:56:58 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/05/24 18:59:27 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Hilarys blinds.doc
[2010/05/23 15:27:04 | 000,063,640 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/23 15:12:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/16 11:22:43 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 18:33:23 | 001,562,966 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\chrisgal.bmp
[2010/05/08 17:28:52 | 004,007,266 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SAGEBACK.001
[2010/05/08 17:13:14 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 23:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 11:13:44 | 000,041,542 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\09010516801M.docx
[2010/04/26 11:03:58 | 000,041,535 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Module 1 assignment 2 Christie.docx
[2010/04/24 19:13:31 | 000,020,858 | -HS- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\2HI0s
[2010/04/24 19:13:31 | 000,020,858 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2HI0s
[2010/04/24 18:49:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 18:21:28 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\mbam-setup-1.45.exe
[2010/04/21 22:02:34 | 000,013,774 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Journal articles from an electronic source.docx
[2010/04/15 19:58:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/12 22:32:48 | 000,017,107 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Jan.docx
[2010/04/11 08:46:08 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\rogerspeed[1].doc
[2010/04/10 19:54:44 | 001,615,522 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/08 20:56:01 | 000,016,977 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Nancy roper.docx
[2010/04/05 17:29:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/04 08:58:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2010/04/04 08:58:21 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/06/28 17:45:17 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\NTREGOPT.lnk
[2010/06/28 17:45:17 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\ERUNT.lnk
[2010/06/26 15:45:38 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\nt.bat
[2010/06/26 10:51:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 00:15:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:18:26 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
[2010/05/29 19:39:02 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/05/24 18:59:27 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Hilarys blinds.doc
[2010/05/23 15:27:04 | 000,063,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/15 08:12:35 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/13 18:33:22 | 001,562,966 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\chrisgal.bmp
[2010/05/08 17:40:41 | 004,007,266 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SAGEBACK.001
[2010/05/03 18:11:48 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\iTunes.lnk
[2010/05/03 18:11:48 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 14:06:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 14:06:24 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 11:13:44 | 000,041,542 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\09010516801M.docx
[2010/04/26 11:03:57 | 000,041,535 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Module 1 assignment 2 Christie.docx
[2010/04/24 18:49:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 17:34:38 | 000,020,858 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\2HI0s
[2010/04/24 17:34:38 | 000,020,858 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2HI0s
[2010/04/21 22:02:34 | 000,013,774 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Journal articles from an electronic source.docx
[2010/04/12 22:32:21 | 000,017,107 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Jan.docx
[2010/04/11 08:46:07 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\rogerspeed[1].doc
[2010/04/06 21:02:42 | 000,016,977 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Nancy roper.docx
[2010/04/05 17:29:03 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/04 08:58:24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2010/04/04 08:58:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/17 20:21:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\dice.ini
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/28 23:01:08 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 23:01:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/02 03:17:50 | 000,000,253 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/26 18:54:09 | 000,002,713 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/16 05:21:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/03/08 15:07:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2009/03/08 14:59:16 | 000,977,920 | ---- | C] () -- C:\WINDOWS\System32\Sgrep32.dll
[2009/03/08 14:59:16 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\Sgtool32.dll
[2009/03/08 14:59:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll
[2009/03/08 14:59:16 | 000,228,864 | ---- | C] () -- C:\WINDOWS\System32\Sgtbar32.dll
[2009/03/08 14:59:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2009/03/08 14:59:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\sg50fl32.dll
[2009/03/08 14:59:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\sg50im32.dll
[2009/03/08 14:59:16 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Sgappbar.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ut32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Sk32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ps32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50iv32.dll
[2009/03/08 14:59:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Sgstat32.dll
[2009/03/08 14:59:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\Sglogo32.dll
[2009/03/08 14:59:16 | 000,003,199 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2009/03/08 14:59:15 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\Sglist32.dll
[2009/03/08 14:59:15 | 000,296,448 | ---- | C] () -- C:\WINDOWS\System32\Sgcdlg32.dll
[2009/03/08 14:59:15 | 000,264,704 | ---- | C] () -- C:\WINDOWS\System32\Sglch32.dll
[2009/03/08 14:59:15 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\Sghelp32.dll
[2009/03/08 14:59:15 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\Sgintl32.dll
[2009/03/08 14:59:15 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\Sgcom32.dll
[2009/03/08 14:59:15 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\Sgdt32.dll
[2009/03/08 14:59:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\Sg3d32.dll
[2009/02/10 21:36:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/10 21:16:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESX100DEFGIPS.ini
[2008/10/28 16:51:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/28 16:51:07 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/09/12 18:31:54 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/28 18:34:35 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/07/28 16:04:09 | 000,000,612 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2009/10/25 19:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/04 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/02/10 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/26 18:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/03/21 10:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/10/28 16:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/06 09:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/02/10 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/05 17:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 18:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/04 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2010/04/24 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Desktopicon
[2010/06/26 15:45:42 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Chris\Application Data\dx10bac
[2009/03/08 15:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\EPSON
[2010/02/21 23:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Facebook
[2008/12/07 13:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\LG Electronics
[2010/03/06 23:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\licenses
[2010/03/06 23:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PCMM2009
[2010/03/06 23:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PCMM2010
[2010/03/04 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\pokerth
[2009/11/15 12:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2010/02/07 11:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Thinstall
[2010/06/28 19:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2010/03/06 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vso
[2010/06/28 19:01:05 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/21 10:17:01 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/10/28 12:58:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/17 07:24:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/10/28 12:58:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/10/28 12:58:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/26 20:01:30 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/10/28 12:58:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/28 17:48:46 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/01/03 16:05:50 | 000,000,198 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2009/03/24 11:49:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/24 23:06:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/12 18:24:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/27 20:11:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/30 02:16:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/19 15:49:48 | 000,000,292 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/22 23:36:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/07/15 17:45:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/16 21:02:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/10/20 22:51:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/11/08 17:31:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/11/08 18:26:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/11/09 02:58:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/09 03:00:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/12/09 19:50:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/12/09 22:12:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/01/15 07:16:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/04 22:36:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/06 22:53:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/06 22:53:06 | 000,000,172 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/24 11:49:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/24 23:06:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/12 18:24:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/27 20:11:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/30 02:16:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/19 15:49:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/22 23:36:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/07/15 17:45:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/16 21:02:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/10/20 22:51:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/11/08 17:31:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/11/08 18:26:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/11/09 02:58:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/09 03:00:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/12/09 19:50:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/12/09 22:12:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/01/15 07:16:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/04 22:36:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/06 22:53:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/06 22:53:06 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/05/19 09:53:47 | 000,087,040 | ---- | M] () -- C:\ucas.doc
[2009/05/15 16:18:10 | 000,000,162 | -H-- | M] () -- C:\~$ucas.doc

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/10 12:55:10 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/17 08:17:39 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/17 07:09:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/08/17 08:17:39 | 015,986,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/17 08:17:41 | 003,932,160 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-23 02:06:47
< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 19:33:40
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\kwadiaog.sys


---- System - GMER 1.0.15 ----

SSDT spga.sys ZwCreateKey [0xB9EB50E0]
SSDT spga.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spga.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spga.sys ZwOpenKey [0xB9EB50C0]
SSDT spga.sys ZwQueryKey [0xB9ECE20A]
SSDT spga.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spga.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 89A6ABF8
INT 0x63 ? 89735BF8
INT 0x63 ? 89735BF8
INT 0x63 ? 89735BF8
INT 0x63 ? 89735BF8
INT 0x63 ? 89735BF8
INT 0x63 ? 89735BF8
INT 0x82 ? 89A6ABF8
INT 0x83 ? 89A6ABF8

---- Kernel code sections - GMER 1.0.15 ----

? spga.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9C308AC 5 Bytes JMP 897351D8
.text aaht95n6.SYS B9440386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aaht95n6.SYS B94403AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aaht95n6.SYS B94403C4 3 Bytes [00, 80, 02]
.text aaht95n6.SYS B94403C9 1 Byte [30]
.text aaht95n6.SYS B94403C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89A691F8
Device \FileSystem\Fastfat \FatCdrom 897EB500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP4974 \Device\00000044 spga.sys
Device \Driver\usbuhci \Device\USBPDO-0 8987C1F8
Device \Driver\usbuhci \Device\USBPDO-1 8987C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8987C1F8
Device \Driver\usbuhci \Device\USBPDO-3 8987C1F8
Device \Driver\usbehci \Device\USBPDO-4 898651F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\sptd \Device\2916356224 spga.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 899FF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 899FF1F8
Device \Driver\Cdrom \Device\CdRom0 8973F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7A54B0A-8F71-4AE4-9F6E-D203F347C279} 8974D1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1c [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-24 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8973F1F8
Device \Driver\Cdrom \Device\CdRom2 8973F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8974D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8974D1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\USBSTOR \Device\0000006c 898331F8
Device \Driver\usbuhci \Device\USBFDO-0 8987C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8987C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 892BC1F8
Device \Driver\usbuhci \Device\USBFDO-2 8987C1F8
Device \Driver\usbuhci \Device\USBFDO-3 8987C1F8
Device \Driver\USBSTOR \Device\0000006f 898331F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 892BC1F8
Device \Driver\Ftdisk \Device\FtControl 899FF1F8
Device \Driver\usbehci \Device\USBFDO-4 898651F8
Device \Driver\aaht95n6 \Device\Scsi\aaht95n61 896D01F8
Device \Driver\aaht95n6 \Device\Scsi\aaht95n61Port4Path0Target0Lun0 896D01F8
Device \FileSystem\Fastfat \Fat 897EB500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 897081F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060b2db8b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x32 0x1F 0x88 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x42 0x03 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x88 0x09 0xF5 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0xFB 0xCA 0xBD 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xAB 0xF9 0xFE 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060b2db8b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x32 0x1F 0x88 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x42 0x03 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x88 0x09 0xF5 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\0[email protected] 0xFB 0xCA 0xBD 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xAB 0xF9 0xFE 0xCF ...

---- EOF - GMER 1.0.15 ----
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
Uninstall:
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"uTorrent" = µTorrent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************************

:OTL
O4 - HKLM..\Run: [d-x10bc] C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe (Microsoft)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://59.60.191.66/spvod.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O32 - AutoRun File - [2010/03/03 13:21:48 | 000,244,004 | ---- | M] () - H:\Automatic door.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/09 08:49:20 | 000,041,640 | ---- | M] () - H:\Autonedt2.PDF -- [ FAT32 ]
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\AutoRun\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\open\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe

:Files
C:\Documents and Settings\Chris\Local Settings\Application Data\2HI0s
C:\Documents and Settings\All Users\Application Data\2HI0s
C:\Documents and Settings\Chris\Application Data\dx10bac
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
C:\Start.exe
C:\Windows\Start.exe
C:\Windows\System32\Start.exe
C:\Documents and Settings\Chris\Application Data\dx10bac

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, in the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Run Malwarebytes' Anti-Malware

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Reboot now, please.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

Edited by RKinner, 28 June 2010 - 06:32 PM.

  • 0
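
As an added illustration for readers following this thread (not part of the thread, of OTL, or of the fix above), the following Python script triages OTL log lines of the kind posted above. It parses the `[date time | size | attrs | M/C] (company) -- path` file lines together with the O4 Run and O33 MountPoints2 autorun lines, and flags the three patterns the fix targets: hidden+system objects under a user profile, a Run key whose target lives in Application Data, and removable-drive autorun handlers pointing at RECYCLER or at a bare executable. The rule names and the choice of what counts as suspicious are my own assumptions for illustration; the sample lines are copied from the logs posted in this thread.

```python
"""Triage of OTL log lines.

Added example for this thread; it is not part of OTL or of the fix above.
The rule names and the notion of "suspicious" are assumptions made for
illustration, not OTL's own logic.
"""
import re

# File/directory listing line, e.g.
#   [2010/04/24 19:13:31 | 000,020,858 | -HS- | M] () -- C:\...\2HI0s
# The "(company)" field is absent in the LOP Check section, so it is optional.
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Run-key autostart line: "O4 - HKLM..\Run: [name] target (company)"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.+?)(?: \([^)]*\))?$"
)

# Removable-drive autorun handler:
#   O33 - MountPoints2\{guid}\Shell\verb - "" = target [-- note]
MOUNT_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\S+) - "" = '
    r'(?P<target>.+?)(?: -- .*)?$'
)

USER_PROFILE_ROOT = "c:\\documents and settings\\"


def _in_user_profile(path):
    return path.lower().startswith(USER_PROFILE_ROOT)


def _under_appdata(path):
    return "\\application data\\" in path.lower()


def triage(lines):
    """Return a list of (rule, path) findings for the OTL lines given.

    boot.ini at the drive root is also -HS-, which is normal, so the
    hidden+system rule is scoped to user profiles, where legitimate
    software almost never sets both attributes.
    """
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            if "H" in attrs and "S" in attrs and _in_user_profile(path):
                findings.append(("hidden-system-in-profile", path))
            continue
        m = RUN_LINE.match(line)
        if m:
            target = m.group("target")
            # Autostart from a per-user data directory is a common
            # persistence location; normal installers use Program Files.
            if _under_appdata(target):
                findings.append(("run-key-from-appdata", target))
            continue
        m = MOUNT_LINE.match(line)
        if m:
            target = m.group("target")
            t = target.lower()
            # RECYCLER on a removable drive, or a bare .exe with no drive
            # letter, is the classic autorun.inf worm pattern.
            if "recycler" in t or (t.endswith(".exe") and ":" not in t):
                findings.append(("removable-autorun", target))
    return findings


# Sample lines copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    r"[2010/04/24 19:13:31 | 000,020,858 | -HS- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\2HI0s",
    r"[2010/06/26 15:45:42 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\Chris\Application Data\dx10bac",
    r"[2008/08/17 07:24:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini",
    r"[2010/06/10 12:55:10 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll",
    r"O4 - HKLM..\Run: [d-x10bc] C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe (Microsoft)",
    r'O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found',
    r'O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\Auto\command - "" = Start.exe',
    r'O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\AutoRun - "" = Auto&Play',
]


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LINES):
        print(f"{rule:26} {path}")
```

Run as a script it prints five findings: the two hidden+system objects in the user profile, the Run key into `dx10bac`, and the two removable-drive handlers, while `C:\boot.ini` (hidden+system at the drive root, which is normal) and the `Auto&Play` label are not flagged. The rules are deliberately narrow; a "(Microsoft)" company string on a Run entry in Application Data, as on the O4 line above, is exactly the sort of thing a signature check on the file itself should confirm rather than the log text alone.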

#6
Chrisgal

Chrisgal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix 10-06-29.02 - Chris 29/06/2010 22:20:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1471.926 [GMT 1:00]
Running from: c:\documents and settings\Chris\My Documents\LocalLow\Desktop\George.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Application Data\Desktopicon

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
.

2010-06-29 20:49 . 2010-06-29 21:12 -------- d-----w- C:\George
2010-06-28 16:45 . 2010-06-28 16:45 -------- d-----w- c:\program files\ERUNT
2010-06-26 09:51 . 2010-06-26 14:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 17:07 . 2010-06-26 18:41 -------- d-----w- C:\A Northern Soul
2010-06-10 04:13 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-06 08:03 . 2010-06-06 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-06 07:58 . 2010-06-06 07:58 -------- d-----w- c:\program files\Adobe Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 06:06 . 2010-02-27 16:46 -------- d-----w- c:\program files\uTorrent
2010-06-29 06:06 . 2010-01-23 13:26 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2010-06-29 06:04 . 2008-09-12 18:18 -------- d-----w- c:\program files\Java
2010-06-29 06:04 . 2008-09-12 18:17 -------- d-----w- c:\program files\Common Files\Java
2010-06-29 05:52 . 2010-03-21 09:16 -------- d-----w- c:\program files\LogMeIn
2010-06-28 19:03 . 2010-04-24 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 10:04 . 2008-10-28 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-27 10:04 . 2008-07-28 15:01 -------- d-----w- c:\program files\CyberLink
2010-06-26 14:45 . 2010-06-26 14:45 614 ----a-w- c:\documents and settings\Chris\Application Data\nt.bat
2010-06-26 14:45 . 2010-06-26 14:45 614 ----a-w- c:\documents and settings\Chris\Application Data\nt.bat
2010-06-11 23:28 . 2010-05-15 10:09 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 23:28 . 2010-05-15 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-11 23:15 . 2010-06-11 23:15 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 23:15 . 2009-04-13 12:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-11 23:15 . 2009-04-13 12:44 -------- d-----w- c:\program files\DivX
2010-06-11 23:15 . 2010-06-11 23:15 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-11 23:14 . 2010-06-11 23:14 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-11 23:14 . 2010-06-11 23:14 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-11 23:14 . 2010-05-15 07:14 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-11 23:14 . 2010-05-15 07:14 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-10 11:55 . 2010-03-21 09:17 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-10 11:55 . 2010-03-21 09:17 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 11:55 . 2010-03-21 09:17 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-06 08:03 . 2008-10-28 15:23 78504 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-06 08:00 . 2008-09-02 17:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 07:38 . 2009-03-24 19:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 07:14 . 2009-04-13 12:51 -------- d-----w- c:\documents and settings\Chris\Application Data\DivX
2010-06-03 08:41 . 2010-06-03 08:41 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 08:41 . 2010-06-03 08:41 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 08:41 . 2009-10-25 18:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 08:41 . 2009-10-25 18:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 13:47 . 2010-06-01 13:47 61440 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe64528-n\decora-sse.dll
2010-06-01 13:47 . 2010-06-01 13:47 503808 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\msvcp71.dll
2010-06-01 13:47 . 2010-06-01 13:47 499712 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\jmc.dll
2010-06-01 13:47 . 2010-06-01 13:47 348160 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\msvcr71.dll
2010-06-01 13:47 . 2010-06-01 13:47 12800 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe64528-n\decora-d3d.dll
2010-05-31 10:27 . 2010-04-04 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-29 18:33 . 2009-08-22 02:06 -------- d-----w- c:\program files\MSBuild
2010-05-29 18:32 . 2010-05-29 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2008
2010-05-29 18:32 . 2010-05-29 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005
2010-05-29 18:31 . 2010-05-29 18:31 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-29 18:30 . 2010-05-29 18:30 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 18:30 . 2009-09-16 13:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-29 18:28 . 2010-05-29 18:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-29 18:25 . 2010-05-29 18:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-24 17:58 . 2010-05-24 17:58 53248 ----a-w- c:\documents and settings\Chris\Application Data\Thinstall\Microsoft Office Enterprise 2007\10000002b00002h\E_FARNEDE.EXE
2010-05-24 17:58 . 2010-05-24 17:58 53248 ----a-w- c:\documents and settings\Chris\Application Data\Thinstall\Microsoft Office Enterprise 2007\10000002f00002h\E_FAMTEDE.EXE
2010-05-23 16:03 . 2010-05-23 16:03 -------- d-----w- c:\program files\Makayama Interactive
2010-05-23 14:27 . 2010-05-23 14:27 63640 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 02:55 . 2010-05-22 02:55 503808 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\msvcp71.dll
2010-05-22 02:55 . 2010-05-22 02:55 61440 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b90771d-n\decora-sse.dll
2010-05-22 02:55 . 2010-05-22 02:55 499712 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\jmc.dll
2010-05-22 02:55 . 2010-05-22 02:55 348160 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\msvcr71.dll
2010-05-22 02:55 . 2010-05-22 02:55 12800 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b90771d-n\decora-d3d.dll
2010-05-15 07:12 . 2010-05-15 07:12 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-15 07:11 . 2010-05-15 07:11 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-15 07:11 . 2010-05-15 07:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-13 17:31 . 2010-05-13 17:29 -------- d-----w- c:\program files\FontTwister
2010-05-08 08:12 . 2008-08-17 13:49 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 17:11 . 2010-05-03 17:10 -------- d-----w- c:\program files\iTunes
2010-05-03 17:10 . 2010-05-03 17:10 -------- d-----w- c:\program files\iPod
2010-05-03 17:10 . 2009-04-10 13:31 -------- d-----w- c:\program files\Common Files\Apple
2010-05-03 17:01 . 2008-09-12 17:25 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:00 . 2010-05-03 17:00 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 10:30 . 2010-05-01 10:30 503808 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\msvcp71.dll
2010-05-01 10:30 . 2010-05-01 10:30 499712 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\jmc.dll
2010-05-01 10:30 . 2010-05-01 10:30 348160 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\msvcr71.dll
2010-05-01 10:30 . 2010-05-01 10:30 61440 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72074741-n\decora-sse.dll
2010-05-01 10:30 . 2010-05-01 10:30 12800 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72074741-n\decora-d3d.dll
2010-05-01 10:28 . 2010-05-01 10:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 14:39 . 2010-04-24 17:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-24 17:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 07:58 . 2010-04-04 07:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-27 13:15 . 2009-09-19 12:43 249324 ----a-w- c:\program files\Television-Blank_Gen_(Live).ogg
2004-07-17 10:35 . 2009-09-19 12:43 1326080 ----a-w- c:\program files\webfldrs.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]
2010-05-17 14:01 2515552 ----a-w- c:\program files\The_Streaming_Lounge\tbThe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-08-17 17:54 564624 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 14:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{84AB7B40-6AA5-4009-B1A3-5883080F0C9E}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"AdobeUpdater"="c:\program files\COMMON FILES\ADOBE\UPDATER5\ADOBEUPDATER.EXE" [2007-02-28 2321600]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2009-08-17 661360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-09-14 167936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-8-21 202648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\Samsung Master
Samsung Master Help.lnk - c:\program files\Samsung\Samsung Master\SamsungMaster.chm [2009-8-28 468497]
Samsung Master.lnk - c:\program files\Samsung\Samsung Master\SamsungMaster.exe [2009-8-28 2510336]
Uninstall Samsung Master.lnk - c:\program files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\setup.exe [2009-8-28 455600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-10 11:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/10/2009 19:37 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/10/2009 19:37 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15/03/2010 10:17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 10:18 308064]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 13:41 12856]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/05/2010 14:06 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/08/2009 15:47 30510960]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [21/08/2009 15:36 4639136]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08/12/2008 21:44 185344]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2010 08:58 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-06 07:48]

2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 13:06]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 13:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-d-x10bc - c:\documents and settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-TVAnts 1.0 - c:\progra~1\TVAnts\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 22:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht 7298 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1936)
c:\windows\system32\WININET.dll
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-29 22:54:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-29 21:54

Pre-Run: 14,934,179,840 bytes free
Post-Run: 14,878,572,544 bytes free

- - End Of File - - ABD4FDD76692533C1CCE9D81938584B9


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/06/2010 20:08:20
mbam-log-2010-06-29 (20-08-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 255880
Time elapsed: 1 hour(s), 55 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 29/06/2010 17:39:46 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = H:\Geeks to Go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 14.06 Gb Free Space | 18.87% Space Free | Partition Type: NTFS
Drive D: | 9.53 Gb Total Space | 6.42 Gb Free Space | 67.41% Space Free | Partition Type: FAT32
Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.29 Gb Total Space | 6.48 Gb Free Space | 88.94% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-6847EFA79
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/28 07:21:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\Geeks to Go\OTL.exe
PRC - [2010/06/10 12:55:19 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/10 12:55:09 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/06/03 09:41:29 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/03 09:41:28 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/03 09:41:28 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/03 09:41:25 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/03 09:41:23 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 10:18:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/15 10:17:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/08/21 15:49:54 | 000,428,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/08/21 15:49:54 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/08/17 18:53:32 | 000,661,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/21 16:43:57 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/09/14 14:47:44 | 000,167,936 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005/03/08 04:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 07:21:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\Geeks to Go\OTL.exe
MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 12:55:19 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 10:18:03 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/15 10:17:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/14 19:18:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/21 15:47:14 | 030,510,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/21 15:36:08 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/08/11 13:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)


========== Driver Services (SafeList) ==========

DRV - [2010/06/10 12:55:10 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/03 09:41:28 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/03 09:41:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/04 08:58:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/15 10:17:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/15 12:35:37 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/17 01:04:50 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/14 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/01/29 20:15:26 | 000,185,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2007/01/25 17:37:16 | 004,027,456 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/01/08 12:41:32 | 000,003,078 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\EAPPkt.inf -- (EAPPkt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 B3 51 4A D6 36 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/29 07:10:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (The Streaming Lounge Toolbar) - {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (The Streaming Lounge Toolbar) - {84ab7b40-6aa5-4009-b1a3-5883080f0c9e} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (The Streaming Lounge Toolbar) - {84AB7B40-6AA5-4009-B1A3-5883080F0C9E} - C:\Program Files\The_Streaming_Lounge\tbThe1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [d-x10bc] C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Samsung Master [2009/08/28 23:01:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: the-streaming-lounge.co.uk ([www] http in Local intranet)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1218957462859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1228857100046 (MUWebControl Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://skyonline.obe...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://59.60.191.66/spvod.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/28 12:58:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/03 13:21:48 | 000,244,004 | ---- | M] () - H:\Automatic door.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/02/09 08:49:20 | 000,041,640 | ---- | M] () - H:\Autonedt2.PDF -- [ FAT32 ]
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\AutoRun\command - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\Shell\opEN\CoMmanD - "" = H:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\AutoRun\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
O33 - MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\Shell\open\command - "" = RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 17:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/28 17:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 18:07:49 | 000,000,000 | ---D | C] -- C:\A Northern Soul
[2010/06/06 09:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/06 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/06 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\Adobe CS5
[2010/05/31 11:27:09 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Chris\My Documents\My Shapes
[2010/05/29 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2008
[2010/05/29 19:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2005
[2010/05/29 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/29 19:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/29 19:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/29 19:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/05/29 19:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/29 19:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/29 19:25:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/29 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/29 19:22:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/29 19:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\WinRAR
[2010/05/23 17:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Makayama Interactive
[2010/05/15 19:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Apple_Inc
[2010/05/15 08:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/13 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\FontTwister
[2010/05/12 17:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/03 18:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/03 18:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/03 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Temp
[2010/05/01 11:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/26 23:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/24 18:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2010/04/24 18:49:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/24 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/24 18:49:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 18:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/24 18:47:48 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\mbam-setup-1.45.exe
[2010/04/21 09:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
[2010/04/05 17:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/05 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/05 13:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 1
[2010/04/05 13:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 3
[2010/04/05 13:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Font Pack 2
[2010/04/04 09:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\OneNote Notebooks
[2010/04/04 09:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft Help
[2010/04/04 09:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/04 08:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2010/04/04 08:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2010/04/04 08:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

========== Files - Modified Within 90 Days ==========

[2010/06/29 17:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/29 12:22:16 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/29 12:21:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/29 12:21:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 12:20:36 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2010/06/29 12:20:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/06/29 08:14:31 | 061,472,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/29 07:10:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/29 02:02:17 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
[2010/06/28 17:45:17 | 000,000,623 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\NTREGOPT.lnk
[2010/06/28 17:45:17 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\ERUNT.lnk
[2010/06/28 16:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/26 15:45:38 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\nt.bat
[2010/06/26 15:16:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 12:19:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 03:04:27 | 000,492,912 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:04:27 | 000,435,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:04:27 | 000,068,470 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 10:07:12 | 024,774,111 | ---- | M] () -- C:\Documents and Settings\Chris\chris.cat
[2010/06/12 00:15:48 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\DivX Movies.lnk
[2010/06/12 00:15:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/12 00:15:01 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/11 03:38:51 | 003,811,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:21:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/10 12:55:10 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/06/10 12:55:10 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/06/10 12:55:10 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/06/06 09:03:57 | 000,078,504 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/03 09:41:28 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/03 09:41:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/29 19:39:02 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/05/29 19:36:06 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/29 19:26:36 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/29 15:52:50 | 000,003,199 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/05/29 15:52:50 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2010/05/29 13:56:58 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/05/24 18:59:27 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Hilarys blinds.doc
[2010/05/23 15:27:04 | 000,063,640 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/23 15:12:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/16 11:22:43 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 18:33:23 | 001,562,966 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\chrisgal.bmp
[2010/05/08 17:28:52 | 004,007,266 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\SAGEBACK.001
[2010/05/08 17:13:14 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 23:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 11:13:44 | 000,041,542 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\09010516801M.docx
[2010/04/26 11:03:58 | 000,041,535 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Module 1 assignment 2 Christie.docx
[2010/04/24 18:49:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/24 18:21:28 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\mbam-setup-1.45.exe
[2010/04/21 22:02:34 | 000,013,774 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Journal articles from an electronic source.docx
[2010/04/15 19:58:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/12 22:32:48 | 000,017,107 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Jan.docx
[2010/04/11 08:46:08 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\rogerspeed[1].doc
[2010/04/10 19:54:44 | 001,615,522 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2010/04/08 20:56:01 | 000,016,977 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Nancy roper.docx
[2010/04/05 17:29:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/04 08:58:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2010/04/04 08:58:21 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys

========== Files Created - No Company Name ==========

[2010/06/28 17:45:17 | 000,000,623 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\NTREGOPT.lnk
[2010/06/28 17:45:17 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\ERUNT.lnk
[2010/06/26 15:45:38 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\nt.bat
[2010/06/26 10:51:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/12 00:15:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/06/06 09:18:26 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
[2010/05/29 19:39:02 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2010/05/24 18:59:27 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Hilarys blinds.doc
[2010/05/23 15:27:04 | 000,063,640 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/15 08:12:35 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/13 18:33:22 | 001,562,966 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\chrisgal.bmp
[2010/05/08 17:40:41 | 004,007,266 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\SAGEBACK.001
[2010/05/03 18:11:48 | 000,002,149 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\LocalLow\Desktop\iTunes.lnk
[2010/05/03 18:11:48 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 14:06:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 14:06:24 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 11:13:44 | 000,041,542 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\09010516801M.docx
[2010/04/26 11:03:57 | 000,041,535 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Module 1 assignment 2 Christie.docx
[2010/04/24 18:49:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/21 22:02:34 | 000,013,774 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Journal articles from an electronic source.docx
[2010/04/12 22:32:21 | 000,017,107 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Jan.docx
[2010/04/11 08:46:07 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\rogerspeed[1].doc
[2010/04/06 21:02:42 | 000,016,977 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\Nancy roper.docx
[2010/04/05 17:29:03 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/04 08:58:24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Pro.lnk
[2010/04/04 08:58:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/17 20:21:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\dice.ini
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/28 23:01:08 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/28 23:01:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/02 03:17:50 | 000,000,253 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/26 18:54:09 | 000,002,713 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/16 05:21:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/03/08 15:07:14 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2009/03/08 14:59:16 | 000,977,920 | ---- | C] () -- C:\WINDOWS\System32\Sgrep32.dll
[2009/03/08 14:59:16 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\Sgtool32.dll
[2009/03/08 14:59:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll
[2009/03/08 14:59:16 | 000,228,864 | ---- | C] () -- C:\WINDOWS\System32\Sgtbar32.dll
[2009/03/08 14:59:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2009/03/08 14:59:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\sg50fl32.dll
[2009/03/08 14:59:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\sg50im32.dll
[2009/03/08 14:59:16 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\Sgappbar.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ut32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Sk32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50Ps32.dll
[2009/03/08 14:59:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\sg50iv32.dll
[2009/03/08 14:59:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\Sgstat32.dll
[2009/03/08 14:59:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\Sglogo32.dll
[2009/03/08 14:59:16 | 000,003,199 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2009/03/08 14:59:15 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\Sglist32.dll
[2009/03/08 14:59:15 | 000,296,448 | ---- | C] () -- C:\WINDOWS\System32\Sgcdlg32.dll
[2009/03/08 14:59:15 | 000,264,704 | ---- | C] () -- C:\WINDOWS\System32\Sglch32.dll
[2009/03/08 14:59:15 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\Sghelp32.dll
[2009/03/08 14:59:15 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\Sgintl32.dll
[2009/03/08 14:59:15 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\Sgcom32.dll
[2009/03/08 14:59:15 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\Sgdt32.dll
[2009/03/08 14:59:15 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\Sg3d32.dll
[2009/02/10 21:36:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/10 21:16:17 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESX100DEFGIPS.ini
[2008/10/28 16:51:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/28 16:51:07 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2008/09/12 18:31:54 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/28 18:34:35 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/07/28 16:04:09 | 000,000,612 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2009/10/25 19:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/04 08:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/02/10 21:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/26 18:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/03/21 10:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/10/28 16:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/06 09:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/02/10 21:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/04/05 17:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 18:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/04 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2010/04/24 20:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Desktopicon
[2009/03/08 15:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\EPSON
[2010/02/21 23:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Facebook
[2008/12/07 13:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\LG Electronics
[2010/03/06 23:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\licenses
[2010/03/06 23:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PCMM2009
[2010/03/06 23:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PCMM2010
[2010/03/04 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\pokerth
[2009/11/15 12:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Samsung
[2010/02/07 11:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Thinstall
[2010/06/29 07:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2010/03/06 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Vso

========== Purity Check ==========


< End of report >

#7 RKinner, Malware Expert (Expert, 23,723 posts, MVP)
Looks like you didn't hit the right button when you ran the Script for OTL since it didn't do anything. You have to hit RUN FIX and not Quick Scan. Can you try it again?

I see the Ask Toolbar is still there. Do you need instructions on how to Uninstall things, or are you really fond of Ask? Usually people get it as foistware, meaning it comes along without your asking for it, usually as part of another program.

Combofix did find a hidden file that we need to remove:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

File::
c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht

RootKit::
c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.


Ron

#8 Chrisgal, New Member (Topic Starter, Member, 9 posts)
Looks like you didn't hit the right button when you ran the Script for OTL since it didn't do anything. You have to hit RUN FIX and not Quick Scan. Can you try it again?

I did actually run Run Fix but for some reason did a quick scan after. Will hopefully have another go tonight but may be short of time. I missed the Ask toolbar removal instruction but can't see it being a problem - don't even know how it got on my PC.

Thanks for your time and effort.

#9 Chrisgal, New Member (Topic Starter, Member, 9 posts)
All processes killed
Error: Unable to interpret <Posts: 2,001> in the current context!
Error: Unable to interpret <From: Orcas Island WA> in the current context!
Error: Unable to interpret <OS: Windows Vista> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < Uninstall:> in the current context!
Error: Unable to interpret <{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7> in the current context!
Error: Unable to interpret <"uTorrent" = µTorrent> in the current context!
Error: Unable to interpret <"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar> in the current context!
Error: Unable to interpret <Copy the text between the lines of stars by highlighting and Ctrl + c > in the current context!
Error: Unable to interpret <*****************************************************************************
***> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\d-x10bc not found.
File C:\Documents and Settings\Chris\Application Data\dx10bac\d-xdiag10bc.exe not found.
Starting removal of ActiveX control {D4003189-95B1-4A2F-9A87-F2B03665960D}
C:\WINDOWS\Downloaded Program Files\vjocx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
H:\Automatic door.pdf moved successfully.
H:\Autonedt2.PDF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06240a4b-c195-11de-89b5-00142ac557fd}\ not found.
File H:\RECYCLER\help.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06240a4b-c195-11de-89b5-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06240a4b-c195-11de-89b5-00142ac557fd}\ not found.
File H:\RECYCLER\help.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08df5288-a509-11dd-9a55-00142ac557fd}\ not found.
File Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08df5288-a509-11dd-9a55-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08df5288-a509-11dd-9a55-00142ac557fd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0a9945-1252-11de-8973-00142ac557fd}\ not found.
File C:\RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0a9945-1252-11de-8973-00142ac557fd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0a9945-1252-11de-8973-00142ac557fd}\ not found.
File C:\RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Chris\Local Settings\Application Data\2HI0s not found.
File\Folder C:\Documents and Settings\All Users\Application Data\2HI0s not found.
File\Folder C:\Documents and Settings\Chris\Application Data\dx10bac not found.
File\Folder C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
File\Folder C:\RECYCLER\S-6-5-05-4454106524-4732736155-127326326-2371\asr_36357.exe not found.
File\Folder C:\Start.exe not found.
File\Folder C:\Windows\Start.exe not found.
File\Folder C:\Windows\System32\Start.exe not found.
File\Folder C:\Documents and Settings\Chris\Application Data\dx10bac not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 391693 bytes
->Temporary Internet Files folder emptied: 34928834 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1708 bytes

User: Chris Gallon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06302010_181947

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF9E8B.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DF9F1B.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DFA03E.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DFA1E5.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DFA47F.tmp not found!
File\Folder C:\Documents and Settings\Chris\Local Settings\Temp\~DFA5B4.tmp not found!
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\Z6DOS6WS\ebrss[2].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\S263EQE1\index[6].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\S263EQE1\like[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\BP6AT7M2\iframe[1].htm moved successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#10 RKinner, Malware Expert (Expert, 23,723 posts, MVP)
OK, I see what you did. You copied the whole page. I just want the part between the lines of stars. It looks like OTL figured it out this time anyway.

Go ahead and create the CFScript. Make sure you only copy the stuff in the code box:

Killall:

File::
c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht

RootKit::
c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht

(Don't copy the word Code too.)

Then save the file to your desktop as CFScript then drag it over to george and let go.

Ron
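An added example, not part of this thread and not ComboFix's or OTL's own code: it does by script what posts #7 and #10 ask the user to do by hand, cutting out only the text between the lines of stars and checking that nothing but directive headers and their paths remains, so a paste like the one in post #9 (profile lines, "Uninstall:" and all) is caught before it is saved as CFScript.txt. The known header set is assumed to be just the three headers used in this thread's script, and both sample pastes are constructed.

```python
"""Pull the CFScript block out of a pasted forum reply and sanity-check it
before it is saved as CFScript.txt (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A "line of stars" as used in the reply to fence the script.
STAR_LINE = re.compile(r"^\s*\*{5,}\s*$")
# A directive header is a bare word plus one or two colons ("File::").
# The reply writes "Killall:" with a single colon, so both forms are accepted.
HEADER = re.compile(r"^([A-Za-z]+):{1,2}$")
# Assumption: only the headers that appear in this thread's script are "known";
# any other header is reported rather than silently accepted.
KNOWN_HEADERS = {"killall", "file", "rootkit"}


@dataclass
class CFScriptReport:
    sections: dict[str, list[str]] = field(default_factory=dict)  # header -> payload lines
    stray: list[str] = field(default_factory=list)  # lines before any header
    unknown_headers: list[str] = field(default_factory=list)
    had_star_fence: bool = False

    @property
    def ok(self) -> bool:
        """True only when the fence was found and nothing unexpected slipped in."""
        return self.had_star_fence and not self.stray and not self.unknown_headers


def extract_between_stars(text: str) -> tuple[list[str], bool]:
    """Return the lines between the first two star lines and whether a fence was found.

    With fewer than two star lines (fence lost, or only part of the reply copied)
    every line is returned so the caller can still report what is in it."""
    lines = text.splitlines()
    fences = [i for i, ln in enumerate(lines) if STAR_LINE.match(ln)]
    if len(fences) < 2:
        return lines, False
    return lines[fences[0] + 1:fences[1]], True


def check_cfscript(text: str) -> CFScriptReport:
    """Split the fenced block into header sections and flag anything that is not a directive."""
    body, fenced = extract_between_stars(text)
    report = CFScriptReport(had_star_fence=fenced)
    current: str | None = None
    for raw in body:
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
            report.sections.setdefault(current, [])
            if current not in KNOWN_HEADERS:
                report.unknown_headers.append(m.group(1))
        elif current is None:
            report.stray.append(line)  # text that precedes the first header
        else:
            report.sections[current].append(line)
    return report


# Constructed samples. TEMP_MHT is the path from the reply; the profile lines
# ("Posts: 2,001" ...) are the ones OTL reported it could not interpret in post #9.
TEMP_MHT = r"c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht"
SCRIPT_BODY = f"\nKillall:\n\nFile::\n{TEMP_MHT}\n\nRootKit::\n{TEMP_MHT}\n\n"
PROFILE_NOISE = "Posts: 2,001\nFrom: Orcas Island WA\nOS: Windows Vista\n\n Uninstall:\n"
# Whole reply copied, fence included: extraction recovers just the script.
PASTED_REPLY = PROFILE_NOISE + "*" * 42 + SCRIPT_BODY + "*" * 42 + "\n"
# Whole reply copied but the star lines lost: the noise is reported as stray/unknown.
UNFENCED_PASTE = PROFILE_NOISE + SCRIPT_BODY

if __name__ == "__main__":
    for label, sample in (("fenced", PASTED_REPLY), ("unfenced", UNFENCED_PASTE)):
        r = check_cfscript(sample)
        print(f"{label}: ok={r.ok} sections={sorted(r.sections)} "
              f"stray={r.stray} unknown={r.unknown_headers}")
```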

#11 Chrisgal, New Member (Topic Starter, Member, 9 posts)
ComboFix 10-06-29.02 - Chris 30/06/2010 19:00:20.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1471.954 [GMT 1:00]
Running from: c:\documents and settings\Chris\My Documents\LocalLow\Desktop\George.exe
Command switches used :: c:\documents and settings\Chris\My Documents\LocalLow\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\docume~1\Chris\LOCALS~1\Temp\a0704a0d-41e0-457f-8390-8ed2ba9637e5.mht"
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-29 20:49 . 2010-06-29 21:12 -------- d-----w- C:\George
2010-06-28 16:45 . 2010-06-28 16:45 -------- d-----w- c:\program files\ERUNT
2010-06-26 09:51 . 2010-06-26 14:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-21 17:07 . 2010-06-26 18:41 -------- d-----w- C:\A Northern Soul
2010-06-10 04:13 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-06 08:03 . 2010-06-06 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-06 07:58 . 2010-06-06 07:58 -------- d-----w- c:\program files\Adobe Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 11:22 . 2010-03-21 09:16 -------- d-----w- c:\program files\LogMeIn
2010-06-29 06:06 . 2010-02-27 16:46 -------- d-----w- c:\program files\uTorrent
2010-06-29 06:06 . 2010-01-23 13:26 -------- d-----w- c:\documents and settings\Chris\Application Data\uTorrent
2010-06-29 06:04 . 2008-09-12 18:18 -------- d-----w- c:\program files\Java
2010-06-29 06:04 . 2008-09-12 18:17 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 19:03 . 2010-04-24 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 10:04 . 2008-10-28 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-27 10:04 . 2008-07-28 15:01 -------- d-----w- c:\program files\CyberLink
2010-06-26 14:45 . 2010-06-26 14:45 614 ----a-w- c:\documents and settings\Chris\Application Data\nt.bat
2010-06-26 14:45 . 2010-06-26 14:45 614 ----a-w- c:\documents and settings\Chris\Application Data\nt.bat
2010-06-11 23:28 . 2010-05-15 10:09 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-11 23:28 . 2010-05-15 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-11 23:15 . 2010-06-11 23:15 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-11 23:15 . 2009-04-13 12:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-11 23:15 . 2009-04-13 12:44 -------- d-----w- c:\program files\DivX
2010-06-11 23:15 . 2010-06-11 23:15 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-11 23:15 . 2010-06-11 23:15 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-11 23:14 . 2010-06-11 23:14 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-11 23:14 . 2010-06-11 23:14 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-11 23:14 . 2010-05-15 07:14 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-11 23:14 . 2010-05-15 07:14 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-10 11:55 . 2010-03-21 09:17 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-10 11:55 . 2010-03-21 09:17 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-10 11:55 . 2010-03-21 09:17 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-06 08:03 . 2008-10-28 15:23 78504 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-06 08:00 . 2008-09-02 17:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-06 07:38 . 2009-03-24 19:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 07:14 . 2009-04-13 12:51 -------- d-----w- c:\documents and settings\Chris\Application Data\DivX
2010-06-03 08:41 . 2010-06-03 08:41 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 08:41 . 2010-06-03 08:41 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 08:41 . 2009-10-25 18:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 08:41 . 2009-10-25 18:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 13:47 . 2010-06-01 13:47 61440 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe64528-n\decora-sse.dll
2010-06-01 13:47 . 2010-06-01 13:47 503808 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\msvcp71.dll
2010-06-01 13:47 . 2010-06-01 13:47 499712 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\jmc.dll
2010-06-01 13:47 . 2010-06-01 13:47 348160 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56e4ffd0-n\msvcr71.dll
2010-06-01 13:47 . 2010-06-01 13:47 12800 ----a-w- c:\documents and settings\Chris Gallon\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe64528-n\decora-d3d.dll
2010-05-31 10:27 . 2010-04-04 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-29 18:33 . 2009-08-22 02:06 -------- d-----w- c:\program files\MSBuild
2010-05-29 18:32 . 2010-05-29 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2008
2010-05-29 18:32 . 2010-05-29 18:32 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005
2010-05-29 18:31 . 2010-05-29 18:31 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-29 18:30 . 2010-05-29 18:30 -------- d-----w- c:\program files\Microsoft.NET
2010-05-29 18:30 . 2009-09-16 13:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-29 18:28 . 2010-05-29 18:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-29 18:25 . 2010-05-29 18:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-24 17:58 . 2010-05-24 17:58 53248 ----a-w- c:\documents and settings\Chris\Application Data\Thinstall\Microsoft Office Enterprise 2007\10000002b00002h\E_FARNEDE.EXE
2010-05-24 17:58 . 2010-05-24 17:58 53248 ----a-w- c:\documents and settings\Chris\Application Data\Thinstall\Microsoft Office Enterprise 2007\10000002f00002h\E_FAMTEDE.EXE
2010-05-23 16:03 . 2010-05-23 16:03 -------- d-----w- c:\program files\Makayama Interactive
2010-05-23 14:27 . 2010-05-23 14:27 63640 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 02:55 . 2010-05-22 02:55 503808 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\msvcp71.dll
2010-05-22 02:55 . 2010-05-22 02:55 61440 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b90771d-n\decora-sse.dll
2010-05-22 02:55 . 2010-05-22 02:55 499712 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\jmc.dll
2010-05-22 02:55 . 2010-05-22 02:55 348160 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e4c0a44-n\msvcr71.dll
2010-05-22 02:55 . 2010-05-22 02:55 12800 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b90771d-n\decora-d3d.dll
2010-05-15 07:12 . 2010-05-15 07:12 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-15 07:12 . 2010-05-15 07:12 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-15 07:11 . 2010-05-15 07:11 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-15 07:11 . 2010-05-15 07:11 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-13 17:31 . 2010-05-13 17:29 -------- d-----w- c:\program files\FontTwister
2010-05-08 08:12 . 2008-08-17 13:49 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-03 17:11 . 2010-05-03 17:10 -------- d-----w- c:\program files\iTunes
2010-05-03 17:10 . 2010-05-03 17:10 -------- d-----w- c:\program files\iPod
2010-05-03 17:10 . 2009-04-10 13:31 -------- d-----w- c:\program files\Common Files\Apple
2010-05-03 17:01 . 2008-09-12 17:25 -------- d-----w- c:\program files\Bonjour
2010-05-03 17:00 . 2010-05-03 17:00 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 10:30 . 2010-05-01 10:30 503808 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\msvcp71.dll
2010-05-01 10:30 . 2010-05-01 10:30 499712 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\jmc.dll
2010-05-01 10:30 . 2010-05-01 10:30 348160 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a6ecfad-n\msvcr71.dll
2010-05-01 10:30 . 2010-05-01 10:30 61440 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72074741-n\decora-sse.dll
2010-05-01 10:30 . 2010-05-01 10:30 12800 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72074741-n\decora-d3d.dll
2010-05-01 10:28 . 2010-05-01 10:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 14:39 . 2010-04-24 17:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-24 17:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 07:58 . 2010-04-04 07:58 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-27 13:15 . 2009-09-19 12:43 249324 ----a-w- c:\program files\Television-Blank_Gen_(Live).ogg
2004-07-17 10:35 . 2009-09-19 12:43 1326080 ----a-w- c:\program files\webfldrs.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]
2010-05-17 14:01 2515552 ----a-w- c:\program files\The_Streaming_Lounge\tbThe1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-08-17 17:54 564624 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{84AB7B40-6AA5-4009-B1A3-5883080F0C9E}"= "c:\program files\The_Streaming_Lounge\tbThe1.dll" [2010-05-17 2515552]

[HKEY_CLASSES_ROOT\clsid\{84ab7b40-6aa5-4009-b1a3-5883080f0c9e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"AdobeUpdater"="c:\program files\COMMON FILES\ADOBE\UPDATER5\ADOBEUPDATER.EXE" [2007-02-28 2321600]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2009-08-17 661360]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-09-14 167936]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-06-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-8-21 202648]

c:\documents and settings\All Users\Start Menu\Programs\Startup\Samsung Master
Samsung Master Help.lnk - c:\program files\Samsung\Samsung Master\SamsungMaster.chm [2009-8-28 468497]
Samsung Master.lnk - c:\program files\Samsung\Samsung Master\SamsungMaster.exe [2009-8-28 2510336]
Uninstall Samsung Master.lnk - c:\program files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\setup.exe [2009-8-28 455600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-10 11:55 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/04/2010 08:58 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/10/2009 19:37 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/10/2009 19:37 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15/03/2010 10:17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 10:18 308064]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 13:41 12856]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/05/2010 14:06 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/08/2009 15:47 30510960]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [21/08/2009 15:36 4639136]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [08/12/2008 21:44 185344]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-CHRIS-6847EFA79-Chris.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-06 07:48]

2010-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 13:06]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 13:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spir.sys >>UNKNOWN [0x89A1E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e2fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb9d25bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d32a21
SendHandler -> NDIS.sys @ 0xb9d1087b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\WININET.dll
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-30 19:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 18:24
ComboFix2.txt 2010-06-30 17:51
ComboFix3.txt 2010-06-29 21:54

Pre-Run: 14,825,521,152 bytes free
Post-Run: 14,821,670,912 bytes free

- - End Of File - - 8A989DDF693B862AB07388C42B44C70F
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
Are things any better now?

Do the BitDefender scan

http://www.bitdefend...nline/free.html and copy and paste the report.
  • 0

#13
Chrisgal

Chrisgal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Says no virus found. Everything seems back to normal. Cannot thank you enough. Is there any way I can make a small donation for the upkeep of the site?
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,723 posts
  • MVP
There is a PayPal link at the bottom of this page. http://www.geekstogo...?showuser=20791
OldTimer is the guy who writes tools like OTL so I think he deserves it.

We have a little housekeeping to do yet.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

You can uninstall or delete any tools we had you download that you don't want to keep and their logs.

OTL has a cleanup button which should do most of it for you.

To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.


I see you have the latest version of Java (6 update 20). Make sure you do not have any older versions.
Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0
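As an added example (not part of Ron's post or of any tool mentioned in it), a PowerShell script that applies the "hide hidden files again" steps for the current user and lists the Add/Remove Programs entries that look like a Java runtime, so older versions can be spotted before uninstalling. It assumes the standard Explorer\Advanced and Uninstall registry locations; the name filter is adapted from the aliases in the post, leaving out the very generic ones such as "VM".

```powershell
# Constructed example: restore the Explorer "hide hidden files" settings for the
# current user and list installed Java runtimes. Registry locations are the
# standard Explorer\Advanced and Uninstall keys; the name filter is adapted
# from the aliases in the post (the very generic ones such as "VM" are left out
# to avoid matching unrelated runtimes).

# 1. Hide hidden files and protected OS files again (per-user settings).
#    Hidden = 2 selects "Do not show hidden files and folders";
#    ShowSuperHidden = 0 re-hides protected operating system files.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'Hidden' -Value 2 -Type DWord
Set-ItemProperty -Path $adv -Name 'ShowSuperHidden' -Value 0 -Type DWord
Write-Output 'Explorer hidden-file settings restored; takes effect when Explorer restarts.'

# 2. Enumerate Add/Remove Programs entries that look like a Java runtime so
#    anything older than the current release can be uninstalled.
$javaNames = 'Java Runtime', 'Runtime Environment', 'JRE', 'Java Virtual Machine',
             'Java VM', 'JVM', 'J2RE', 'J2SE', 'Java(TM)'
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 64-bit hosts only
)
$found = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        if (-not $p.DisplayName) { continue }
        foreach ($n in $javaNames) {
            if ($p.DisplayName -like "*$n*") {
                New-Object PSObject -Property @{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    KeyName = $sub.PSChildName
                }
                break
            }
        }
    }
}
if ($found) {
    Write-Output 'Java-related entries found; keep only the newest and remove the rest:'
    $found | Sort-Object Version -Descending | Format-Table Name, Version, KeyName -AutoSize
} else {
    Write-Output 'No Java entries found in Add/Remove Programs.'
}
```

Step 5 of the post (Display the contents of system folders) is left to the Folder Options dialog; the script only covers the two hidden-file settings and the Java inventory.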

#15
Chrisgal

Chrisgal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All done Ron - thanks so much for your help - Top man. Will make a donation at the weekend

Think this topic can be closed now.

Edited by Chrisgal, 01 July 2010 - 11:44 AM.

  • 0
