
Facebook spam/ads


  • This topic is locked

#1
faye1987

    Member

  • 36 posts
Since yesterday, for some reason, I'm getting spam ads all over my Facebook page, more so than the normal ones. Can someone please help me get them removed? Screenshot attached.

Many thanks
Faye

Attached Thumbnails

  • fb.jpg


#2
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :). My name is Michael and I am here to help you fix your computer. :unsure:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as attachments make them harder to read. Also, please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply.

As I'm not a fan of Facebook, I can't tell if these ads are normal or if they're related to malware on your computer, but we'll make sure that your computer is clean.



OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.




Next:

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#3
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Topic re-opened.

Please post the logs indicated above.
Thanks

#4
faye1987

    Member

  • Topic Starter
  • Member
  • 36 posts
Thanks Michael,

Logs as follows:

OTL:

OTL logfile created on: 11/07/2011 22:21:50 - Run 11
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\currys\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.25% Memory free
5.92 Gb Paging File | 4.29 Gb Available in Paging File | 72.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 59.84 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.55% Space Free | Partition Type: NTFS

Computer Name: CURRYS-PC | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 22:20:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL(1).exe
PRC - [2011/06/30 14:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/17 18:15:00 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/06/17 18:14:56 | 000,267,728 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
PRC - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/05/31 01:13:21 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/03/26 10:59:17 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Users\currys\Downloads\BitTorrent-7.2.exe
PRC - [2010/11/24 20:07:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/26 09:39:12 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/25 13:46:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/25 13:46:49 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/25 13:46:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/25 13:46:11 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/07 12:50:54 | 001,069,568 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/07/31 18:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
PRC - [2008/07/24 04:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.17\OsdService.exe
PRC - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdecoms.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 22:20:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL(1).exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/09/25 13:47:40 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/05/30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/25 13:46:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/25 13:46:11 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/25 07:28:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.17\OsdService.exe -- (OsdService)
SRV - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 09:06:44 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/01 17:13:06 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/05/05 16:58:45 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/19 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/01 21:41:37 | 000,028,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2010/09/25 13:47:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/25 13:47:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/30 21:52:19 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/05 10:03:33 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/06/17 22:27:28 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008/03/31 13:02:34 | 000,008,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110522,16932,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/06/20 23:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/04 17:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 02:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 08:51:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F} [2011/04/23 07:55:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/04 17:44:27 | 000,000,000 | ---D | M]

[2011/04/08 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/12/20 20:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/27 00:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\1nxpicb1.default\extensions
[2011/04/08 08:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 21:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 07:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/20 23:19:24 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2011/07/04 17:44:27 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/04/23 07:55:01 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CURRYS\APPDATA\LOCAL\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
[2011/06/25 02:28:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/08/27 21:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/05 21:29:13 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/02/22 17:44:50 | 000,000,949 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/20 07:17:47 | 000,000,100 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ˙ž
O1 - Hosts: 1 2 7 . 0 . 0 . 1 l o c a l h o s t
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Facetheme) - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} - C:\Program Files\Object\bho_project.dll (InternetEngine)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000..\Run: [BitTorrent] C:\Users\currys\Downloads\BitTorrent-7.2.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{03E4A49E-BC16-400C-B15C-5F329835A0A3}
[2011/07/10 22:54:58 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{3815D9DA-758B-41B3-A336-6BB7FAE340F6}
[2011/07/08 17:11:36 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{47C8A9B3-D960-4621-B8DC-1BC1F2CE21EF}
[2011/07/07 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{9D0743A3-5732-4864-B345-D7AFAE199D91}
[2011/07/06 20:32:45 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{EBDA60CA-141B-4E74-B592-E11B1CB23D6C}
[2011/07/05 21:21:38 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{AA8FFFF7-2905-478F-A299-7CB5B978D87A}
[2011/07/05 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/05 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/05 21:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/05 21:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/04 18:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/07/04 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Convert X to DVD
[2011/06/29 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/29 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/29 20:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/26 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{641A9675-BC25-4F6E-BF19-B55D3C03FFCB}
[2011/06/23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\Adobe Scripts
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/21 22:42:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/06/20 13:32:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/20 13:32:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/20 13:32:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/20 13:32:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/20 07:24:24 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{56266E5B-7446-4951-A353-909EE50F4311}
[2011/06/20 07:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/20 07:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/06/19 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{92351E20-2C6E-431E-B2E4-337927382D00}
[2011/06/17 18:14:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/17 18:14:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/17 18:14:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/17 18:14:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/17 18:14:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/17 18:14:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/17 18:14:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/17 18:14:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 18:14:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/17 18:14:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/16 22:07:43 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/06/16 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{E8BC4339-D765-47CE-97BF-93FA767A5761}
[2011/06/15 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{16140E0F-4610-4C13-B690-AABEEF18B221}
[2011/06/15 06:28:34 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{DA08F109-4064-4556-B40C-2526EB90EA44}
[2011/06/14 20:54:35 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{EA72F643-1950-4FDB-A128-FE97B31AC123}
[2011/06/13 17:00:01 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{33011A79-7C4B-44DD-8A12-231C535B222D}
[2011/06/12 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{171DD9D6-C614-4A96-9A06-A813726EFDAE}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/05/12 08:08:06 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2010/05/12 08:08:06 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2010/05/12 08:08:06 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2010/05/12 08:08:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2010/05/12 08:08:06 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2010/05/12 08:08:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2010/05/12 08:08:06 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2010/05/12 08:08:06 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2010/05/12 08:08:06 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2010/05/12 08:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
[2010/05/12 08:08:06 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2010/05/12 08:08:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2010/05/12 08:08:06 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2010/05/12 08:08:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 22:18:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 22:17:34 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/11 22:17:34 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/11 22:16:29 | 079,734,956 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/07/11 22:15:10 | 000,001,752 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/11 22:13:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 22:13:03 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/07/11 22:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/11 22:12:10 | 2384,965,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 01:00:24 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 01:00:24 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 23:16:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/10 23:13:28 | 266,123,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/06 20:50:34 | 000,001,193 | ---- | M] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/07/05 21:12:22 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/04 22:21:38 | 000,001,057 | ---- | M] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2011/07/04 17:45:11 | 000,001,183 | ---- | M] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/07/04 17:45:10 | 000,001,191 | ---- | M] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | M] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/06/29 20:58:27 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/24 19:52:18 | 003,696,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/21 22:50:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/06/20 06:48:32 | 000,010,564 | -HS- | M] () -- C:\Users\currys\AppData\Local\q23ue037u72
[2011/06/20 06:48:32 | 000,010,564 | -HS- | M] () -- C:\ProgramData\q23ue037u72
[2011/06/17 18:14:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/17 18:14:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/17 18:14:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/17 18:14:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/17 18:14:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/17 18:14:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/17 18:14:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/17 18:14:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 18:14:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/17 18:14:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/16 21:54:14 | 000,013,108 | ---- | M] () -- C:\Users\currys\Documents\brighton smeg.p2g
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 22:13:35 | 000,001,752 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/05 21:12:22 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/04 17:45:10 | 000,001,191 | ---- | C] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | C] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/07/02 02:53:24 | 266,123,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/29 20:58:27 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/23 19:55:59 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/06/23 19:54:03 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/06/23 19:53:23 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/06/23 19:51:46 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/06/23 19:51:25 | 000,001,514 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/06/23 19:50:37 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/06/23 19:24:17 | 000,001,193 | ---- | C] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/06/20 06:46:30 | 000,010,564 | -HS- | C] () -- C:\Users\currys\AppData\Local\q23ue037u72
[2011/06/20 06:46:30 | 000,010,564 | -HS- | C] () -- C:\ProgramData\q23ue037u72
[2011/06/16 21:54:14 | 000,013,108 | ---- | C] () -- C:\Users\currys\Documents\brighton smeg.p2g
[2011/05/26 07:24:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/26 07:23:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/23 08:26:49 | 000,001,057 | ---- | C] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2011/04/23 07:55:03 | 000,000,120 | ---- | C] () -- C:\Users\currys\AppData\Local\Hmemukimupewu.dat
[2011/04/23 07:55:03 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\Vzuleregucoruwu.bin
[2010/09/28 17:32:11 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\prvlcl.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/23 17:46:42 | 000,028,240 | ---- | C] () -- C:\Windows\System32\drivers\mssmbios.sys
[2010/08/14 00:18:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/14 00:18:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/14 00:18:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/30 23:27:38 | 000,000,112 | ---- | C] () -- C:\ProgramData\Q81uVs.dat
[2010/07/28 19:53:28 | 000,010,240 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 12:01:48 | 002,848,087 | ---- | C] () -- C:\Users\currys\AppData\Roaming\B.O.B ft Hayley Williams - Airplanes.zip
[2010/05/12 08:08:06 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2010/05/12 08:08:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2010/04/24 13:45:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/04/06 22:15:51 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/06 22:00:21 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/26 16:40:15 | 000,001,387 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 11:19:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/12/06 11:19:11 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,696,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/07/14 00:24:44 | 000,002,048 | ---- | C] () -- C:\Users\currys\AppData\Local\sLetudr.dll
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/06 08:22:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/09 09:17:02 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009/05/04 15:45:11 | 000,001,220 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/05/02 11:09:42 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/18 14:56:34 | 000,076,118 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2008/06/17 22:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2007/05/24 16:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdedrs.dll
[2007/05/22 10:09:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdecaps.dll
[2007/05/03 15:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2007/04/17 10:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdecnv4.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdevs.dll

========== LOP Check ==========

[2011/01/27 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Azureus
[2010/09/29 17:45:33 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Baym
[2010/04/06 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Birdstep Technology
[2011/07/11 22:59:16 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\BitTorrent
[2011/05/27 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\BitZipper
[2010/04/06 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\DAEMON Tools Lite
[2011/05/22 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Epson
[2010/04/06 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Facebook
[2011/01/16 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\foobar2000
[2010/05/12 08:10:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Lexmark Productivity Studio
[2011/03/11 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Orangeline Interactive
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Samsung
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Template
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\The TechGuys
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Trusteer
[2011/07/04 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Vso
[2011/02/24 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Windows Live Writer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\faye 2\AppData\Roaming\Trusteer
[2010/04/16 06:45:30 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Birdstep Technology
[2010/04/16 06:45:31 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\The TechGuys
[2010/07/10 21:28:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Trusteer
[2010/10/02 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\Guest!\AppData\Roaming\Trusteer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\Guest!.currys-PC\AppData\Roaming\Trusteer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\TEMP\AppData\Roaming\Trusteer
[2010/06/20 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\TEMP.currys-PC\AppData\Roaming\Trusteer
[2011/07/11 22:13:03 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/05/10 06:53:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\ERDNT\cache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\ERDNT\cache\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/24 22:23:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/25 02:28:06 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/24 22:23:25 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/24 22:23:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:13EDD51B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6

< End of report >


GMER:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-12 23:34:36
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010J
Running: gmer.exe; Driver: C:\Users\currys\AppData\Local\Temp\fxlirpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x90FB4FC0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x90FB5A56]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwCreateThread [0x90FEDE20]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwCreateThreadEx [0x90FEDEBE]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwDeleteFile [0x90FECE7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x90FB927C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x90FB92AE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x90FB9410]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x90FB5B2C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x90FB5104]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x90FB52F6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x90FB5428]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x90FB9386]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x90FB92F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x90FB9322]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x90FB9354]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x90FB4F66]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwSetInformationFile [0x90FECEF0]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwSetValueKey [0x90FEDCFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x90FB4F02]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys ZwTerminateProcess [0x90FECE02]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x90FB4E9E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83059339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83092D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83099E48 4 Bytes [C0, 4F, FB, 90] {ROR BYTE [EDI-0x5], 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 83099EA4 4 Bytes [56, 5A, FB, 90] {PUSH ESI; POP EDX; STI ; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 83099EF8 8 Bytes [20, DE, FE, 90, BE, DE, FE, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 123F 83099F34 8 Bytes [7C, CE, FE, 90, 7C, 92, FB, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 124F 83099F44 4 Bytes [AE, 92, FB, 90] {SCASB ; XCHG EDX, EAX; STI ; NOP }
.text ...
PAGE ntkrnlpa.exe!ZwAlpcDeletePortSection + 1332 83226428 7 Bytes JMP 91F0FE30
? System32\Drivers\spal.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload + 1 8B6FEAD7 4 Bytes JMP 859461D9
.text USBPORT.SYS!DllUnload 91D63D81 5 Bytes JMP 86E721D8
PAGE spsys.sys!?SPRevi[email protected]@3PADA + 4F90 AF389000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys![email protected]@3PADA + 50B3 AF389123 629 Bytes [45, 38, AF, FE, 05, 34, 45, ...]
PAGE spsys.sys![email protected]@3PADA + 5329 AF389399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys![email protected]@3PADA + 538F AF3893FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys![email protected]@3PADA + 53C3 AF389433 96 Bytes [37, AF, 85, C9, 7C, 18, 8D, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[652] ntdll.dll!KiUserApcDispatcher 76F26F58 5 Bytes JMP 01B89570 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] ntdll.dll!LdrLoadDll 76F422B8 6 Bytes JMP 00E91410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] kernel32.dll!SetUnhandledExceptionFilter 76CD3D01 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] GDI32.dll!BitBlt 762A72C0 6 Bytes PUSH 71730022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!DdeInitializeW 76386048 6 Bytes PUSH 716F0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!CreateWindowExA 7638E18A 6 Bytes JMP 7190000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!CreateWindowExW 76390E51 6 Bytes JMP 7194000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!RegisterClassExW 7639212B 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!RegisterClassW 7639281B 6 Bytes PUSH 71A60022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!GetWindowRect 76397450 6 Bytes PUSH 715F0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!DispatchMessageW 76398E8D 6 Bytes PUSH 716B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!GetMessageW 76398F97 6 Bytes PUSH 71630022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!TranslateMessage 7639910F 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!PeekMessageW 763991B5 6 Bytes PUSH 71990022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[652] USER32.dll!GetClipboardData 763A4B47 6 Bytes PUSH 71670022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2792] ntdll.dll!KiUserApcDispatcher 76F26F58 5 Bytes JMP 0043E8F0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2792] WS2_32.dll!getaddrinfo 770D4296 5 Bytes JMP 71A50022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2792] WS2_32.dll!gethostbyname 770E7673 5 Bytes JMP 71AE0022

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B48D042] \SystemRoot\System32\Drivers\spal.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B48D6D6] \SystemRoot\System32\Drivers\spal.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B48D800] \SystemRoot\System32\Drivers\spal.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B48D13E] \SystemRoot\System32\Drivers\spal.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F22437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F05600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F18514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F14CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F1506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F15144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F16671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F1826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F1901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F1E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F14BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73F22437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73F05600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73F056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73F224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F18514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73F14CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F1506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F15144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73F16671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F1826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F1901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F1E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4572] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73F14BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\The TechGuys\Launch\Launch.exe[5048] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FCFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 859261F8

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys

Device \Driver\volmgr \Device\VolMgrControl 859411F8
Device \Driver\usbuhci \Device\USBPDO-0 86E881F8
Device \Driver\usbuhci \Device\USBPDO-1 86E881F8
Device \Driver\usbuhci \Device\USBPDO-2 86E881F8
Device \Driver\usbehci \Device\USBPDO-3 86E6F500
Device \Driver\usbuhci \Device\USBPDO-4 86E881F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 86E881F8
Device \Driver\usbuhci \Device\USBPDO-6 86E881F8
Device \Driver\volmgr \Device\HarddiskVolume1 859411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86E6F500
Device \Driver\volmgr \Device\HarddiskVolume2 859411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86B7B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 859411F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859241F8
Device \Driver\atapi \Device\Ide\IdePort0 859241F8
Device \Driver\atapi \Device\Ide\IdePort1 859241F8
Device \Driver\atapi \Device\Ide\IdePort2 859241F8
Device \Driver\atapi \Device\Ide\IdePort3 859241F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 859241F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8592B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8592B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8592B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8592B1F8
Device \Driver\ACPI_HAL \Device\00000067 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 86C2A1F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 86E881F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{859595A6-7C26-4F36-BD5C-DE05E5D9DAA8} 86C2A1F8
Device \Driver\usbuhci \Device\USBFDO-1 86E881F8
Device \Driver\usbuhci \Device\USBFDO-2 86E881F8
Device \Driver\usbehci \Device\USBFDO-3 86E6F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{7AD6F403-6BE3-464B-89AF-D7A4E701213E} 86C2A1F8
Device \Driver\usbuhci \Device\USBFDO-4 86E881F8
Device \Driver\usbuhci \Device\USBFDO-5 86E881F8
Device \Driver\usbuhci \Device\USBFDO-6 86E881F8
Device \Driver\usbehci \Device\USBFDO-7 86E6F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792

---- EOF - GMER 1.0.15 ----

#5
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

The ads were indeed caused by malware on your computer :)


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Next:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/06/30 21:52:19 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    IE - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/04 17:44:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F} [2011/04/23 07:55:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/07/04 17:44:27 | 000,000,000 | ---D | M]
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    [2010/02/22 17:44:50 | 000,000,949 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
    [2011/07/04 17:44:27 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
    [2011/04/23 07:55:01 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CURRYS\APPDATA\LOCAL\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Facetheme) - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} - C:\Program Files\Object\bho_project.dll (InternetEngine)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O37 - HKU\S-1-5-21-2116682330-1956550630-301596514-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/07/11 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{03E4A49E-BC16-400C-B15C-5F329835A0A3}
    [2011/07/10 22:54:58 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{3815D9DA-758B-41B3-A336-6BB7FAE340F6}
    [2011/07/08 17:11:36 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{47C8A9B3-D960-4621-B8DC-1BC1F2CE21EF}
    [2011/07/07 23:44:15 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{9D0743A3-5732-4864-B345-D7AFAE199D91}
    [2011/07/06 20:32:45 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{EBDA60CA-141B-4E74-B592-E11B1CB23D6C}
    [2011/07/05 21:21:38 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{AA8FFFF7-2905-478F-A299-7CB5B978D87A}
    [2011/07/04 18:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
    [2011/07/04 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Object
    [2011/06/26 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{641A9675-BC25-4F6E-BF19-B55D3C03FFCB}
    [2011/06/20 07:24:24 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{56266E5B-7446-4951-A353-909EE50F4311}
    [2011/06/19 19:10:44 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{92351E20-2C6E-431E-B2E4-337927382D00}
    [2011/06/16 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{E8BC4339-D765-47CE-97BF-93FA767A5761}
    [2011/06/15 23:20:10 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{16140E0F-4610-4C13-B690-AABEEF18B221}
    [2011/06/15 06:28:34 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{DA08F109-4064-4556-B40C-2526EB90EA44}
    [2011/06/14 20:54:35 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{EA72F643-1950-4FDB-A128-FE97B31AC123}
    [2011/06/13 17:00:01 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{33011A79-7C4B-44DD-8A12-231C535B222D}
    [2011/06/12 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{171DD9D6-C614-4A96-9A06-A813726EFDAE}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/07/11 22:15:10 | 000,001,752 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/07/11 22:13:03 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
    [2011/06/20 06:48:32 | 000,010,564 | -HS- | M] () -- C:\Users\currys\AppData\Local\q23ue037u72
    [2011/06/20 06:48:32 | 000,010,564 | -HS- | M] () -- C:\ProgramData\q23ue037u72
    [2011/07/11 22:13:35 | 000,001,752 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/06/20 06:46:30 | 000,010,564 | -HS- | C] () -- C:\Users\currys\AppData\Local\q23ue037u72
    [2011/06/20 06:46:30 | 000,010,564 | -HS- | C] () -- C:\ProgramData\q23ue037u72
    [2011/04/23 07:55:03 | 000,000,120 | ---- | C] () -- C:\Users\currys\AppData\Local\Hmemukimupewu.dat
    [2011/04/23 07:55:03 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\Vzuleregucoruwu.bin
    [2010/07/30 23:27:38 | 000,000,112 | ---- | C] () -- C:\ProgramData\Q81uVs.dat
    [2009/07/14 00:24:44 | 000,002,048 | ---- | C] () -- C:\Users\currys\AppData\Local\sLetudr.dll
    [2010/04/06 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Facebook
    [2011/07/11 22:13:03 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry select Use SafeList
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\Users\currys\AppData\Roaming\Baym\*.* /s
    /md5start
    StarOpen.sys
    directport.sys
    mssmbios.sys
    /md5stop

  • Click the Run Scan button. Post the two logs it produces in your next reply.




Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Also, after that there should be a file called MBR.dat on the Desktop; zip it and then attach it here :unsure:



Redirects, ads and most of your problems should be solved by now. Tell me if that's not the case.
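Added example, not from this thread, from OTL or from its author: a small triage pass over OTL file-entry lines in the format the logs above use, flagging the traits the fix script targeted (hidden+system files, files with no company name in user-writable locations, GUID-named folders under AppData\Local). The rules are heuristics constructed for this example and produce false positives; the sample lines are copied from the logs in this thread.

```python
"""Heuristic triage of OTL file-entry lines (added example, not OTL's code).

Hits are candidates for a human reviewer, not verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# OTL entry shape (see the logs above):
#   [PRC - ][yyyy/mm/dd hh:mm:ss | size | attrs | M|C] [(Company)] [[state]] -- path [-- (svc)]
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")

@dataclass
class Entry:
    kind: Optional[str]      # PRC / DRV / SRV / MOD, or None for plain file lines
    date: str
    size: int
    attrs: str               # OTL attribute flags, e.g. "-HS-" or "---D"
    company: Optional[str]
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file/process/driver line; None for other line types."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "( )" mean no company name
    return Entry(kind=m.group("kind"), date=m.group("date"),
                 size=int(m.group("size").replace(",", "")),
                 attrs=m.group("attrs"), company=company, path=m.group("path"))

def flag(entry: Entry) -> List[str]:
    """Heuristic rules (constructed for this example) on one parsed entry."""
    reasons = []
    low = entry.path.lower()
    in_user_loc = any(tok in low for tok in USER_WRITABLE)
    # Hidden+system on a plain file is how the q23ue037u72 data files hid.
    if "H" in entry.attrs and "S" in entry.attrs and not entry.is_dir:
        reasons.append("hidden+system attributes")
    # Vendor binaries carry a company name; unknown-origin files dropped into
    # user-writable locations usually do not.
    if entry.company is None and not entry.is_dir and in_user_loc:
        reasons.append("no company name in user-writable location")
    # GUID-named folders under AppData\Local matched the dropper pattern above.
    if entry.is_dir and "\\appdata\\local\\" in low and GUID_RE.match(entry.name):
        reasons.append("GUID-named folder under AppData\\Local")
    return reasons

def triage(log_text: str) -> List[Entry]:
    """Return the entries that trip at least one rule, reasons attached."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry.reasons = flag(entry)
        if entry.reasons:
            hits.append(entry)
    return hits

# Sample input: lines copied from the OTL logs in this thread, plus one
# non-entry line (the O2 BHO line) to show that it is skipped.
SAMPLE_LOG = r"""
PRC - [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
DRV - [2010/06/30 21:52:19 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
[2011/07/11 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{03E4A49E-BC16-400C-B15C-5F329835A0A3}
[2011/06/20 06:48:32 | 000,010,564 | -HS- | M] () -- C:\ProgramData\q23ue037u72
[2011/04/23 07:55:03 | 000,000,120 | ---- | C] () -- C:\Users\currys\AppData\Local\Hmemukimupewu.dat
[2011/07/04 17:44:27 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.path, "->", "; ".join(hit.reasons))
```

The FaceTheme folder is not flagged by these three rules even though the fix script removed it, which is the point: the heuristics narrow the log, they do not replace reading it.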

#6
faye1987

faye1987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Michael,

Thanks for looking so quickly. However, when I am trying to run ComboFix I am getting a message saying Lavasoft Ad-Aware Live has been detected as running, but I can't find it on my system. Any ideas? Sorry to be so dim :)

#7
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
OK, run OTL first and then ComboFix. It should work then.

#8
faye1987

faye1987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Michael,

Logs as follows:

OTL (1)


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL (2)

OTL logfile created on: 15/07/2011 18:29:53 - Run 12
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\currys\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.90% Memory free
5.92 Gb Paging File | 4.83 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 61.16 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.55% Space Free | Partition Type: NTFS

Computer Name: CURRYS-PC | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/15 18:06:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL(3).exe
PRC - [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/17 18:15:00 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/05/31 01:13:21 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.17\OsdService.exe
PRC - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdecoms.exe


========== Modules (SafeList) ==========

MOD - [2011/07/15 18:06:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL(3).exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/05/25 07:28:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.17\OsdService.exe -- (OsdService)
SRV - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 09:06:44 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/01 17:13:06 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/12/19 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/01 21:41:37 | 000,028,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/05 10:03:33 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/06/17 22:27:28 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008/03/31 13:02:34 | 000,008,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17159

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110522,16932,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 02:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/08 08:51:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/04/08 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/12/20 20:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/27 00:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\1nxpicb1.default\extensions
[2011/04/08 08:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 21:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/18 07:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/25 02:28:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/08/27 21:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/05 21:29:13 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/15 18:11:02 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BitTorrent] C:\Users\currys\Downloads\BitTorrent-7.2.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{4701B05F-2A38-4E43-980E-2972B165A6BD}
[2011/07/15 06:44:56 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2011/07/14 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{BD49F6E6-5196-4CE5-9C83-8FA6B581F318}
[2011/07/12 23:43:14 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{A4638D31-0EF9-4B23-B1AF-FAA38186FA73}
[2011/07/12 21:39:51 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/12 21:39:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/12 21:39:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 21:39:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 21:39:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 21:39:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 21:39:22 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/12 06:18:37 | 000,100,736 | ---- | C] (GMER) -- C:\fxlirpob.sys
[2011/07/05 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Convert X to DVD
[2011/06/29 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/29 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/29 20:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\Adobe Scripts
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/21 22:42:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/06/20 13:32:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/20 13:32:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/20 13:32:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/20 13:32:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/20 07:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/20 07:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/06/17 18:14:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/17 18:14:46 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/17 18:14:46 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/17 18:14:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/17 18:14:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/17 18:14:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/17 18:14:44 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/17 18:14:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 18:14:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/17 18:14:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/16 22:07:43 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/05/12 08:08:06 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2010/05/12 08:08:06 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2010/05/12 08:08:06 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2010/05/12 08:08:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2010/05/12 08:08:06 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2010/05/12 08:08:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2010/05/12 08:08:06 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2010/05/12 08:08:06 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2010/05/12 08:08:06 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2010/05/12 08:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
[2010/05/12 08:08:06 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2010/05/12 08:08:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2010/05/12 08:08:06 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2010/05/12 08:08:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll

========== Files - Modified Within 30 Days ==========

[2011/07/15 18:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 18:11:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 18:11:02 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/15 18:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/15 18:09:40 | 2384,965,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 18:08:57 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 18:08:56 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 06:44:56 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2011/07/15 01:35:50 | 003,696,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 06:18:37 | 000,100,736 | ---- | M] (GMER) -- C:\fxlirpob.sys
[2011/07/11 22:17:34 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/11 22:17:34 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/10 23:16:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/10 23:13:28 | 266,123,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/06 20:50:34 | 000,001,193 | ---- | M] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/07/04 22:21:38 | 000,001,057 | ---- | M] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2011/07/04 17:45:11 | 000,001,183 | ---- | M] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/07/04 17:45:10 | 000,001,191 | ---- | M] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | M] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/06/29 20:58:27 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/21 22:50:38 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/06/17 18:14:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/06/17 18:14:46 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/06/17 18:14:46 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/06/17 18:14:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/06/17 18:14:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/06/17 18:14:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/06/17 18:14:44 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/06/17 18:14:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/06/17 18:14:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/06/17 18:14:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/06/17 18:14:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/06/16 21:54:14 | 000,013,108 | ---- | M] () -- C:\Users\currys\Documents\brighton smeg.p2g

========== Files Created - No Company Name ==========

[2011/07/12 06:18:00 | 000,302,592 | ---- | C] () -- C:\Users\currys\Desktop\gmer.exe
[2011/07/04 17:45:10 | 000,001,191 | ---- | C] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | C] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/07/02 02:53:24 | 266,123,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/29 20:58:27 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/23 19:55:59 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/06/23 19:54:03 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/06/23 19:53:23 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/06/23 19:51:46 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/06/23 19:51:25 | 000,001,514 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/06/23 19:50:37 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/06/23 19:24:17 | 000,001,193 | ---- | C] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/06/16 21:54:14 | 000,013,108 | ---- | C] () -- C:\Users\currys\Documents\brighton smeg.p2g
[2011/05/26 07:24:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/26 07:23:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/23 08:26:49 | 000,001,057 | ---- | C] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2010/09/28 17:32:11 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\prvlcl.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/23 17:46:42 | 000,028,240 | ---- | C] () -- C:\Windows\System32\drivers\mssmbios.sys
[2010/08/14 00:18:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/14 00:18:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/14 00:18:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/28 19:53:28 | 000,010,240 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 12:01:48 | 002,848,087 | ---- | C] () -- C:\Users\currys\AppData\Roaming\B.O.B ft Hayley Williams - Airplanes.zip
[2010/05/12 08:08:06 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2010/05/12 08:08:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2010/04/24 13:45:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/04/06 22:15:51 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/06 22:00:21 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/26 16:40:15 | 000,001,387 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 11:19:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/12/06 11:19:11 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,696,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/06 08:22:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/09 09:17:02 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009/05/04 15:45:11 | 000,001,220 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/05/02 11:09:42 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/18 14:56:34 | 000,076,118 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2008/06/17 22:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2007/05/24 16:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdedrs.dll
[2007/05/22 10:09:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdecaps.dll
[2007/05/03 15:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2007/04/17 10:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdecnv4.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdevs.dll

========== Custom Scans ==========


< C:\Users\currys\AppData\Roaming\Baym\*.* /s >


< MD5 for: DIRECTPORT.SYS >
[2008/06/17 22:27:28 | 000,007,168 | ---- | M] () MD5=F1785FB4B89442AAC648492B35EBCDC9 -- C:\Windows\System32\directport.sys

< MD5 for: MSSMBIOS.SYS >
[2010/11/01 21:41:37 | 000,028,240 | ---- | M] () MD5=11F44EB7293FEC68200871EB9F3B5478 -- C:\Windows\System32\drivers\mssmbios.sys
[2009/07/14 02:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) MD5=FC6B9FF600CC585EA38B12589BD4E246 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\mssmbios.sys
[2009/07/14 02:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) MD5=FC6B9FF600CC585EA38B12589BD4E246 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\mssmbios.sys
[2009/07/14 02:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\mssmbios.sys

< MD5 for: STAROPEN.SYS >
[2009/07/05 10:03:33 | 000,005,632 | ---- | M] () MD5=306521935042FC0A6988D528643619B3 -- C:\Program Files\Samsung\Samsung PC Studio 3\StarOpen.sys
[2006/07/24 08:05:00 | 000,005,632 | ---- | M] () MD5=306521935042FC0A6988D528643619B3 -- C:\Program Files\Samsung\Samsung PC Studio 3\Update\UnZipTemp\StarOpen.sys
[2009/07/05 10:03:33 | 000,005,632 | ---- | M] () MD5=306521935042FC0A6988D528643619B3 -- C:\Windows\System32\drivers\StarOpen.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:13EDD51B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6

< End of report >


OTL (Extras)

OTL Extras logfile created on: 15/07/2011 18:29:53 - Run 12
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\currys\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.90% Memory free
5.92 Gb Paging File | 4.83 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 61.16 Gb Free Space | 21.28% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.55% Space Free | Partition Type: NTFS

Computer Name: CURRYS-PC | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE PHOTO SHOW] -- "C:\Program Files\jessops\Jessops\CEWE PHOTO SHOW.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Jessops] -- "C:\Program Files\jessops\Jessops\Jessops.exe" "%1" ()
Directory [Jessops Photo] -- "C:\Program Files\jessops\Jessops\Jessops Photo.exe" "%1" ()
Directory [My Cewe Photo Book.exe] -- "C:\Program Files\CeWe Color\My Cewe Photo Book\My Cewe Photo Book.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.17
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Convert X to DVD" = Convert X to DVD 4.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"ERUNT_is1" = ERUNT 1.1j
"facetheme" = Facetheme
"foobar2000" = foobar2000 v1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Jessops" = Jessops
"Jessops Photo" = Jessops Photo
"Lexmark 4800 Series" = Lexmark 4800 Series
"Literauto Buddy_is1" = Literauto Buddy 2.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"My Cewe Photo Book" = My Cewe Photo Book
"PowerISO" = PowerISO
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Combofix:

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{795A3A1E-E06A-4214-A2EF-3DDF3BA05C2B}" = STOPzilla
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.16.360
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Convert X to DVD" = Convert X to DVD 4.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"EPSON SX218 Series" = EPSON SX218 Series Printer Uninstall
"EPSON SX218 Series Manual" = EPSON SX218 Series Manual
"ERUNT_is1" = ERUNT 1.1j
"facetheme" = Facetheme
"foobar2000" = foobar2000 v1.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Jessops" = Jessops
"Jessops Photo" = Jessops Photo
"Lexmark 4800 Series" = Lexmark 4800 Series
"Literauto Buddy_is1" = Literauto Buddy 2.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"My Cewe Photo Book" = My Cewe Photo Book
"PowerISO" = PowerISO
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-15 20:57:23
-----------------------------
20:57:23.577 OS Version: Windows 6.1.7601 Service Pack 1
20:57:23.577 Number of processors: 2 586 0x170A
20:57:23.577 ComputerName: CURRYS-PC UserName: currys
20:57:25.777 Initialize success
20:57:33.920 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:57:33.936 Disk 0 Vendor: TOSHIBA_MK3252GSX LV010J Size: 305245MB BusType: 11
20:57:36.010 Disk 0 MBR read successfully
20:57:36.010 Disk 0 MBR scan
20:57:36.010 Disk 0 Windows 7 default MBR code
20:57:38.039 Disk 0 scanning sectors +625140400
20:57:38.148 Disk 0 scanning C:\Windows\system32\drivers
20:57:50.454 Service scanning
20:57:51.577 Disk 0 trace - called modules:
20:57:51.624 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8592b1f8]<<
20:57:51.624 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86841030]
20:57:51.624 3 CLASSPNP.SYS[8bbc759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8624b030]
20:57:51.639 \Driver\atapi[0x86241bb8] -> IRP_MJ_CREATE -> 0x8592b1f8
20:57:51.655 Scan finished successfully
20:58:36.773 Disk 0 MBR has been saved successfully to "C:\Users\currys\Desktop\MBR.dat"
20:58:36.789 The log file has been saved successfully to "C:\Users\currys\Desktop\aswMBR.txt"


aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-15 21:03:35
-----------------------------
21:03:35.645 OS Version: Windows 6.1.7601 Service Pack 1
21:03:35.645 Number of processors: 2 586 0x170A
21:03:35.645 ComputerName: CURRYS-PC UserName: currys
21:03:36.735 Initialize success
21:03:39.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:03:39.215 Disk 0 Vendor: TOSHIBA_MK3252GSX LV010J Size: 305245MB BusType: 11
21:03:41.275 Disk 0 MBR read successfully
21:03:41.275 Disk 0 MBR scan
21:03:41.285 Disk 0 Windows 7 default MBR code
21:03:43.325 Disk 0 scanning sectors +625140400
21:03:43.435 Disk 0 scanning C:\Windows\system32\drivers
21:03:55.235 Service scanning
21:03:56.395 Disk 0 trace - called modules:
21:03:56.445 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8592b1f8]<<
21:03:56.445 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86841030]
21:03:56.455 3 CLASSPNP.SYS[8bbc759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8624b030]
21:03:56.465 \Driver\atapi[0x86241bb8] -> IRP_MJ_CREATE -> 0x8592b1f8
21:03:56.475 Scan finished successfully
21:04:03.345 Disk 0 MBR has been saved successfully to "C:\Users\currys\Desktop\MBR.dat"
21:04:03.355 The log file has been saved successfully to "C:\Users\currys\Desktop\aswMBR.txt"


I couldn't unzip the DAT file. Oh, and my Facebook is functioning properly again. Thank you so much, have a nice weekend :)
  • 0

#9
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Try ComboFix and see if it works now

Also, why did you run aswMBR twice?
You must not unzip mbr.dat but zip it. Here is how to zip a file. Then attach it here.
If you still can't zip it, upload it here as is, and post the link here :)
  • 0

#10
faye1987

faye1987

    Member

  • Topic Starter
  • Member
  • 36 posts
It didn't throw up a log the first time I did it, just a blank Notepad document. I think I need a new laptop!

Sorry for the misunderstanding. Zip file attached.

Attached Files

  • Attached File  MBR.zip   566bytes   29 downloads

  • 0



#11
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello there

Please uninstall:

Java™ 6 Update 21
HiJackThis
Facetheme



Next:


Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version.
  • Download and install the latest version



Next:

Download SREng
  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    Posted Image
  • Close SREng now.



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
    O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    :Services

    :Reg

    :Files
    C:\Windows\System32\drivers\mssmbios.sys|C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\mssmbios.sys /replace

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
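The fix script above is built by reading OTL's FF, O2, O3 and O37 lines and picking out entries whose file or CLSID no longer exists. The following is an added Python example, not part of the thread or of OTL itself, that applies those same checks to a constructed sample of such lines (copied in shape from the script above) and reports what a helper would flag for review.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (not a live log): the lines copy the shape of the OTL
# entries quoted in the fix script above.
SAMPLE_LOG = r"""
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
BHO_RE = re.compile(
    r"^BHO: \((?P<name>.*?)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.*?)(?: \((?P<company>[^()]*)\))?$")
TOOLBAR_RE = re.compile(
    r"^(?P<key>[^:]+): \((?P<name>.*?)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")


@dataclass
class Finding:
    section: str  # OTL line tag: FF, O2, O3, O37
    reason: str   # why the entry deserves a second look
    detail: str   # registry key, CLSID or path involved


def parse_bho(body: str) -> Optional[dict]:
    """O2 lines: 'BHO: (name) - {CLSID} - path (company)'."""
    m = BHO_RE.match(body)
    return m.groupdict() if m else None


def check_ff(body: str) -> List[Finding]:
    """FF lines: '<registry key>: <path>[ File not found]'."""
    key, _, rest = body.partition(": ")
    missing = rest.endswith(" File not found")
    path = rest[: -len(" File not found")] if missing else rest
    out = []
    if missing:
        out.append(Finding("FF", "plugin/extension registered but its file is missing", key))
    # An extension folder named only by a GUID under the user profile is not
    # what a normal installer produces, so it is flagged for review.
    leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
    if GUID_RE.match(leaf) and "\\AppData\\" in path:
        out.append(Finding("FF", "extension lives in a GUID-named folder under AppData", path))
    return out


def check_bho(body: str) -> List[Finding]:
    bho = parse_bho(body)
    if bho is None:
        return [Finding("O2", "unparseable BHO line", body)]
    if bho["name"] == "no name" or not (bho["company"] or "").strip():
        return [Finding("O2", "BHO with no name or no publisher", bho["clsid"])]
    return []


def check_toolbar(body: str) -> List[Finding]:
    m = TOOLBAR_RE.match(body)
    if m and "No CLSID value found" in m.group("rest"):
        return [Finding("O3", "toolbar entry references a CLSID that is not registered (orphan)",
                        m.group("clsid"))]
    return []


def check_exe_assoc(body: str) -> List[Finding]:
    # O37: per-user .exe association; a registry error here means launching
    # executables may misbehave until the key is repaired (as the fix does).
    if "Reg Error" in body or "File not found" in body:
        return [Finding("O37", "per-user .exe file association is broken", body)]
    return []


CHECKS = {"FF": check_ff, "O2": check_bho, "O3": check_toolbar, "O37": check_exe_assoc}


def triage(log_text: str) -> List[Finding]:
    """Run the per-section checks over every OTL line and collect findings."""
    findings = []
    for line in log_text.splitlines():
        tag, sep, body = line.strip().partition(" - ")
        if sep and tag in CHECKS:
            findings.extend(CHECKS[tag](body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```

A BHO with a real publisher (the STOPzilla entry) is parsed but not flagged by these rules; whether to remove it is a judgement the helper makes from the rest of the log, not something the parser decides.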

#12
faye1987

faye1987

    Member

  • Topic Starter
  • Member
  • 36 posts
Hi Michael,

Reports as follows:

OTL 1-

All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F} not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
File move failed. C:\Program Files\STOPzilla!\SZIEBHO.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\Windows\System32\drivers\mssmbios.sys successfully replaced with C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\mssmbios.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: currys
->Temp folder emptied: 936388 bytes
->Temporary Internet Files folder emptied: 18315167 bytes
->Java cache emptied: 383604 bytes
->FireFox cache emptied: 118720776 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2717 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: faye 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest!
->Temp folder emptied: 0 bytes

User: Guest!.currys-PC
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

User: TEMP.currys-PC
->Temp folder emptied: 0 bytes

User: TEMP.currys-PC.000

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3438336 bytes
RecycleBin emptied: 1859622556 bytes

Total Files Cleaned = 1,909.00 mb


[EMPTYFLASH]

User: All Users

User: currys
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: faye 2
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest!

User: Guest!.currys-PC

User: Public

User: TEMP

User: TEMP.currys-PC

User: TEMP.currys-PC.000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07192011_005517

Files\Folders moved on Reboot...
File move failed. C:\Program Files\STOPzilla!\SZIEBHO.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL 2-

OTL logfile created on: 19/07/2011 01:03:28 - Run 13
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\currys\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.07% Memory free
5.92 Gb Paging File | 4.39 Gb Available in Paging File | 74.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.35 Gb Total Space | 61.81 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.55% Space Free | Partition Type: NTFS

Computer Name: CURRYS-PC | User Name: currys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/19 00:52:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/07/19 00:52:06 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2011/07/10 22:58:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL.exe
PRC - [2011/06/25 02:28:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/17 18:15:04 | 000,501,200 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\SZOptions.exe
PRC - [2011/06/17 18:15:00 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/05/31 01:13:21 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/14 07:23:24 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/26 10:59:17 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Users\currys\Downloads\BitTorrent-7.2.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/04/12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/07/31 18:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
PRC - [2008/07/24 04:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.17\OsdService.exe
PRC - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdecoms.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 22:58:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\currys\Downloads\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/17 18:14:56 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/05/25 07:28:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/02/22 10:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.17\OsdService.exe -- (OsdService)
SRV - [2007/05/29 09:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdecoms.exe -- (lxde_device)
SRV - [2007/05/29 09:06:44 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe -- (lxdeCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/06/01 17:13:06 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/12/19 15:16:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/04/12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/05 10:03:33 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/06/17 22:27:28 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008/03/31 13:02:34 | 000,008,192 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=DSGI&bmod=DSGI

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110522,16932,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\currys\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 02:28:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/19 00:57:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}: C:\Users\currys\AppData\Local\{DBDBE3A4-CC34-487C-AC52-A3ED36D30B3F}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme

[2011/04/08 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions
[2009/12/20 20:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/05/27 00:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\currys\AppData\Roaming\mozilla\Firefox\Profiles\1nxpicb1.default\extensions
[2011/07/19 00:52:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 21:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/19 00:52:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/25 02:28:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/08/27 21:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2011/07/19 00:52:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/05 21:29:13 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/16 07:28:54 | 000,000,036 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BitTorrent] C:\Users\currys\Downloads\BitTorrent-7.2.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\currys\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 00:53:16 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Users\currys\Desktop\SREngLdr.EXE
[2011/07/19 00:32:44 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{E5D0F844-5FA0-4D4E-BC01-3B9A74A8B589}
[2011/07/16 19:31:40 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{42620D60-09E9-44BA-BAA5-CE7F6639E44B}
[2011/07/16 07:31:15 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{0C5D3BE7-C3D0-49F0-84BC-4B907BC71CC0}
[2011/07/15 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/07/15 20:44:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/15 20:42:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/15 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{4701B05F-2A38-4E43-980E-2972B165A6BD}
[2011/07/15 06:44:56 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2011/07/14 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{BD49F6E6-5196-4CE5-9C83-8FA6B581F318}
[2011/07/12 23:43:14 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Local\{A4638D31-0EF9-4B23-B1AF-FAA38186FA73}
[2011/07/12 06:18:37 | 000,100,736 | ---- | C] (GMER) -- C:\fxlirpob.sys
[2011/07/05 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\currys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert X to DVD
[2011/07/04 17:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Convert X to DVD
[2011/06/29 20:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/29 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/29 20:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/23 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\currys\Documents\Adobe Scripts
[2011/06/22 18:01:26 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/06/21 22:42:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/06/20 07:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/06/20 07:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/06/20 07:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/05/12 08:08:06 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2010/05/12 08:08:06 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2010/05/12 08:08:06 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2010/05/12 08:08:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2010/05/12 08:08:06 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2010/05/12 08:08:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdecoms.exe
[2010/05/12 08:08:06 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2010/05/12 08:08:06 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdehcp.dll
[2010/05/12 08:08:06 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdecfg.exe
[2010/05/12 08:08:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
[2010/05/12 08:08:06 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2010/05/12 08:08:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2010/05/12 08:08:06 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdeih.exe
[2010/05/12 08:08:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll

========== Files - Modified Within 30 Days ==========

[2011/07/19 01:20:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/19 01:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/19 01:02:21 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/19 01:02:21 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/19 01:01:20 | 000,006,472 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/07/19 00:59:06 | 000,001,704 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/19 00:57:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 00:57:05 | 2384,965,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/19 00:56:16 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 00:56:16 | 000,009,136 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/16 07:44:59 | 000,000,566 | ---- | M] () -- C:\Users\currys\Desktop\MBR.zip
[2011/07/16 07:28:54 | 000,000,036 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/16 07:27:51 | 003,696,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/15 21:31:40 | 000,105,447 | ---- | M] () -- C:\Users\currys\Documents\luke.jpg
[2011/07/15 21:10:55 | 000,112,881 | ---- | M] () -- C:\Users\currys\Documents\1.1183306844.warwick-castle.jpg
[2011/07/15 21:10:30 | 000,013,839 | ---- | M] () -- C:\Users\currys\Documents\306.jpg
[2011/07/15 21:04:03 | 000,000,512 | ---- | M] () -- C:\Users\currys\Desktop\MBR.dat
[2011/07/15 19:28:35 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP113.SYS
[2011/07/12 06:18:37 | 000,100,736 | ---- | M] (GMER) -- C:\fxlirpob.sys
[2011/07/10 23:13:28 | 266,123,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/06 20:50:34 | 000,001,193 | ---- | M] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/07/04 22:21:38 | 000,001,057 | ---- | M] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2011/07/04 17:45:11 | 000,001,183 | ---- | M] () -- C:\Users\currys\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2011/07/04 17:45:10 | 000,001,191 | ---- | M] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | M] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/06/29 20:58:27 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/07/19 01:01:02 | 000,006,472 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/07/19 00:58:35 | 000,001,704 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/07/16 07:44:59 | 000,000,566 | ---- | C] () -- C:\Users\currys\Desktop\MBR.zip
[2011/07/15 21:31:37 | 000,105,447 | ---- | C] () -- C:\Users\currys\Documents\luke.jpg
[2011/07/15 21:10:54 | 000,112,881 | ---- | C] () -- C:\Users\currys\Documents\1.1183306844.warwick-castle.jpg
[2011/07/15 21:10:29 | 000,013,839 | ---- | C] () -- C:\Users\currys\Documents\306.jpg
[2011/07/15 20:58:36 | 000,000,512 | ---- | C] () -- C:\Users\currys\Desktop\MBR.dat
[2011/07/15 20:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/12 06:18:00 | 000,302,592 | ---- | C] () -- C:\Users\currys\Desktop\gmer.exe
[2011/07/04 17:45:10 | 000,001,191 | ---- | C] () -- C:\Users\currys\Desktop\ConvertXtoDVD 4.lnk
[2011/07/04 17:44:27 | 000,001,101 | ---- | C] () -- C:\Users\currys\Desktop\Convert X to DVD.lnk
[2011/07/02 02:53:24 | 266,123,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/29 20:58:27 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/23 19:55:59 | 000,001,186 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/06/23 19:54:03 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/06/23 19:53:23 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/06/23 19:51:46 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/06/23 19:51:25 | 000,001,514 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/06/23 19:50:37 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/06/23 19:24:17 | 000,001,193 | ---- | C] () -- C:\Users\currys\Desktop\Downloads - Shortcut.lnk
[2011/05/26 07:24:55 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/26 07:23:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/23 08:26:49 | 000,001,057 | ---- | C] () -- C:\Users\currys\AppData\Roaming\vso_ts_preview.xml
[2010/09/28 17:32:11 | 000,000,000 | ---- | C] () -- C:\Users\currys\AppData\Local\prvlcl.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/14 00:18:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/14 00:18:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/14 00:18:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/28 19:53:28 | 000,010,240 | ---- | C] () -- C:\Users\currys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/19 12:01:48 | 002,848,087 | ---- | C] () -- C:\Users\currys\AppData\Roaming\B.O.B ft Hayley Williams - Airplanes.zip
[2010/05/12 08:08:06 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdeinst.dll
[2010/05/12 08:08:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2010/04/24 13:45:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/04/06 22:15:51 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/06 22:00:21 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/02/26 16:40:15 | 000,001,387 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 11:19:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/12/06 11:19:11 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,696,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,619,642 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,792 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/06 08:22:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/09 09:17:02 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009/05/04 15:45:11 | 000,001,220 | ---- | C] () -- C:\Users\currys\AppData\Roaming\wklnhst.dat
[2009/05/02 11:09:42 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/18 14:56:34 | 000,076,118 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2008/06/17 22:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2007/05/24 16:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdedrs.dll
[2007/05/22 10:09:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdecaps.dll
[2007/05/03 15:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2007/04/17 10:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdecnv4.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdevs.dll

========== LOP Check ==========

[2011/01/27 20:08:51 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Azureus
[2010/09/29 17:45:33 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Baym
[2010/04/06 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Birdstep Technology
[2011/07/19 01:47:11 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\BitTorrent
[2011/05/27 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\BitZipper
[2010/04/06 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\DAEMON Tools Lite
[2011/05/22 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Epson
[2011/01/16 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\foobar2000
[2010/05/12 08:10:13 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Lexmark Productivity Studio
[2011/03/11 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Orangeline Interactive
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Samsung
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Template
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\The TechGuys
[2010/04/06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Trusteer
[2011/07/04 22:17:30 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Vso
[2011/02/24 00:25:29 | 000,000,000 | ---D | M] -- C:\Users\currys\AppData\Roaming\Windows Live Writer
[2011/05/10 06:53:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:13EDD51B
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:456A69E6

< End of report >


TDS-

2011/07/19 06:51:45.0014 1460 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/19 06:51:45.0254 1460 ================================================================================
2011/07/19 06:51:45.0254 1460 SystemInfo:
2011/07/19 06:51:45.0254 1460
2011/07/19 06:51:45.0254 1460 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/19 06:51:45.0255 1460 Product type: Workstation
2011/07/19 06:51:45.0255 1460 ComputerName: CURRYS-PC
2011/07/19 06:51:45.0255 1460 UserName: currys
2011/07/19 06:51:45.0255 1460 Windows directory: C:\Windows
2011/07/19 06:51:45.0255 1460 System windows directory: C:\Windows
2011/07/19 06:51:45.0255 1460 Processor architecture: Intel x86
2011/07/19 06:51:45.0255 1460 Number of processors: 2
2011/07/19 06:51:45.0255 1460 Page size: 0x1000
2011/07/19 06:51:45.0255 1460 Boot type: Normal boot
2011/07/19 06:51:45.0255 1460 ================================================================================
2011/07/19 06:51:46.0485 1460 Initialize success
2011/07/19 06:51:57.0219 0892 ================================================================================
2011/07/19 06:51:57.0220 0892 Scan started
2011/07/19 06:51:57.0220 0892 Mode: Manual;
2011/07/19 06:51:57.0220 0892 ================================================================================
2011/07/19 06:51:57.0922 0892 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/19 06:51:58.0130 0892 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/19 06:51:58.0311 0892 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/19 06:51:58.0536 0892 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/19 06:51:58.0703 0892 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/19 06:51:58.0741 0892 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/19 06:51:58.0953 0892 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/19 06:51:59.0131 0892 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/19 06:51:59.0236 0892 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/19 06:51:59.0397 0892 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/19 06:51:59.0482 0892 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/19 06:51:59.0583 0892 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/19 06:51:59.0656 0892 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/19 06:51:59.0695 0892 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/19 06:51:59.0825 0892 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/07/19 06:51:59.0937 0892 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/19 06:52:00.0079 0892 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/07/19 06:52:00.0183 0892 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/19 06:52:00.0392 0892 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/19 06:52:00.0429 0892 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/19 06:52:00.0911 0892 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/19 06:52:01.0077 0892 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/19 06:52:01.0352 0892 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/19 06:52:01.0539 0892 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/19 06:52:01.0723 0892 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/19 06:52:01.0873 0892 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/19 06:52:02.0044 0892 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/19 06:52:02.0171 0892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/19 06:52:02.0226 0892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/19 06:52:02.0359 0892 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/19 06:52:02.0423 0892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/19 06:52:02.0540 0892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/19 06:52:02.0611 0892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/19 06:52:02.0765 0892 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/19 06:52:02.0911 0892 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/19 06:52:03.0099 0892 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/19 06:52:03.0238 0892 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/19 06:52:03.0324 0892 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/19 06:52:03.0466 0892 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/19 06:52:03.0551 0892 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/19 06:52:03.0684 0892 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/19 06:52:03.0741 0892 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/19 06:52:03.0874 0892 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/19 06:52:03.0991 0892 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/19 06:52:04.0155 0892 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/07/19 06:52:04.0281 0892 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/19 06:52:04.0419 0892 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/19 06:52:04.0479 0892 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/19 06:52:04.0640 0892 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/19 06:52:04.0719 0892 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/19 06:52:04.0944 0892 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/19 06:52:05.0191 0892 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/19 06:52:05.0255 0892 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/19 06:52:05.0454 0892 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/19 06:52:05.0494 0892 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/19 06:52:05.0666 0892 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/19 06:52:05.0734 0892 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/19 06:52:05.0984 0892 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/19 06:52:06.0106 0892 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/19 06:52:06.0186 0892 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/19 06:52:06.0365 0892 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/19 06:52:06.0425 0892 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/19 06:52:06.0581 0892 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/19 06:52:06.0660 0892 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/19 06:52:06.0907 0892 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/19 06:52:06.0973 0892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/19 06:52:07.0042 0892 GpdDevDPort (f1785fb4b89442aac648492b35ebcdc9) C:\Windows\system32\directport.sys
2011/07/19 06:52:07.0135 0892 GpdKbFilter (e48c4e69e2126aac01888c60cc6ed966) C:\Windows\system32\kbfiltr.sys
2011/07/19 06:52:07.0435 0892 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/19 06:52:07.0502 0892 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/19 06:52:07.0665 0892 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/19 06:52:07.0709 0892 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/19 06:52:07.0869 0892 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/19 06:52:07.0942 0892 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/19 06:52:08.0149 0892 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/19 06:52:08.0227 0892 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/19 06:52:08.0387 0892 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/19 06:52:08.0465 0892 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/19 06:52:08.0609 0892 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/19 06:52:08.0807 0892 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/07/19 06:52:09.0206 0892 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/19 06:52:09.0606 0892 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/19 06:52:09.0746 0892 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/19 06:52:09.0929 0892 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/19 06:52:10.0010 0892 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/19 06:52:10.0118 0892 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/19 06:52:10.0213 0892 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/19 06:52:10.0345 0892 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/19 06:52:10.0581 0892 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/19 06:52:10.0780 0892 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys
2011/07/19 06:52:11.0405 0892 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/19 06:52:11.0880 0892 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/19 06:52:12.0222 0892 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/19 06:52:12.0448 0892 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/19 06:52:12.0552 0892 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/19 06:52:12.0827 0892 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/19 06:52:13.0136 0892 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/19 06:52:13.0664 0892 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/19 06:52:13.0940 0892 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/19 06:52:14.0598 0892 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/19 06:52:14.0741 0892 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/19 06:52:14.0901 0892 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/19 06:52:15.0250 0892 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/19 06:52:15.0677 0892 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/19 06:52:15.0979 0892 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/19 06:52:16.0334 0892 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/19 06:52:17.0346 0892 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/07/19 06:52:18.0523 0892 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/19 06:52:18.0989 0892 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/19 06:52:20.0243 0892 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/19 06:52:21.0556 0892 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/19 06:52:21.0725 0892 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/07/19 06:52:21.0811 0892 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/07/19 06:52:22.0256 0892 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/19 06:52:23.0016 0892 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/19 06:52:23.0438 0892 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/19 06:52:23.0673 0892 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/19 06:52:24.0114 0892 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/07/19 06:52:24.0328 0892 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/07/19 06:52:24.0692 0892 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/19 06:52:25.0130 0892 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/19 06:52:25.0847 0892 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/19 06:52:26.0398 0892 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/19 06:52:27.0065 0892 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/19 06:52:27.0613 0892 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/19 06:52:29.0087 0892 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/19 06:52:30.0357 0892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/19 06:52:30.0912 0892 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/19 06:52:31.0710 0892 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/19 06:52:32.0061 0892 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/19 06:52:32.0583 0892 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/19 06:52:33.0541 0892 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/19 06:52:34.0510 0892 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/19 06:52:34.0925 0892 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/19 06:52:35.0538 0892 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/19 06:52:36.0316 0892 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/19 06:52:37.0086 0892 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/19 06:52:38.0033 0892 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/19 06:52:38.0318 0892 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/19 06:52:39.0098 0892 netr73 (00ebe302169c7b783a29b6df3c9e5b28) C:\Windows\system32\DRIVERS\netr73.sys
2011/07/19 06:52:39.0366 0892 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/19 06:52:39.0728 0892 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/19 06:52:40.0126 0892 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/19 06:52:40.0255 0892 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/07/19 06:52:40.0449 0892 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/19 06:52:40.0531 0892 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/07/19 06:52:40.0777 0892 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/07/19 06:52:40.0895 0892 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/19 06:52:41.0157 0892 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/19 06:52:41.0416 0892 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/19 06:52:41.0501 0892 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/19 06:52:41.0675 0892 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/19 06:52:41.0780 0892 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/19 06:52:41.0844 0892 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/19 06:52:42.0001 0892 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/19 06:52:42.0068 0892 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/19 06:52:42.0243 0892 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/19 06:52:42.0506 0892 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/19 06:52:42.0535 0892 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/19 06:52:42.0710 0892 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/19 06:52:42.0820 0892 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/19 06:52:43.0154 0892 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/19 06:52:43.0504 0892 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/19 06:52:43.0845 0892 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys
2011/07/19 06:52:43.0940 0892 RapportCerberus_28711 (0308af6ac1758f078f59d6a14f0bfaa9) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\28711\RapportCerberus32_28711.sys
2011/07/19 06:52:44.0114 0892 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/07/19 06:52:44.0249 0892 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\Windows\system32\Drivers\RapportKELL.sys
2011/07/19 06:52:44.0421 0892 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/07/19 06:52:44.0580 0892 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/19 06:52:44.0648 0892 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/19 06:52:44.0781 0892 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/19 06:52:44.0960 0892 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/19 06:52:45.0016 0892 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/19 06:52:45.0422 0892 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/19 06:52:45.0531 0892 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/19 06:52:45.0650 0892 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/19 06:52:46.0120 0892 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/07/19 06:52:46.0322 0892 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/19 06:52:46.0368 0892 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/19 06:52:46.0683 0892 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/07/19 06:52:46.0749 0892 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/19 06:52:46.0993 0892 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/19 06:52:47.0238 0892 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/19 06:52:47.0401 0892 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/19 06:52:47.0467 0892 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/07/19 06:52:47.0605 0892 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/19 06:52:47.0801 0892 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/19 06:52:47.0863 0892 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/19 06:52:48.0051 0892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/19 06:52:48.0114 0892 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/19 06:52:48.0286 0892 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/19 06:52:48.0340 0892 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/19 06:52:48.0535 0892 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/19 06:52:48.0562 0892 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/19 06:52:48.0591 0892 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/19 06:52:48.0658 0892 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/19 06:52:48.0813 0892 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/19 06:52:48.0900 0892 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/19 06:52:48.0997 0892 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/19 06:52:49.0085 0892 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/19 06:52:49.0202 0892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/19 06:52:49.0303 0892 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/07/19 06:52:49.0303 0892 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/19 06:52:49.0319 0892 sptd - detected LockedFile.Multi.Generic (1)
2011/07/19 06:52:49.0438 0892 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/19 06:52:49.0498 0892 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/19 06:52:49.0621 0892 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/19 06:52:49.0695 0892 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/07/19 06:52:49.0827 0892 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/19 06:52:49.0926 0892 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/19 06:52:50.0049 0892 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/07/19 06:52:50.0117 0892 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/19 06:52:50.0351 0892 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
2011/07/19 06:52:50.0467 0892 szkgfs (410a02a920fa9daeec56364e839597c1) C:\Windows\system32\drivers\szkgfs.sys
2011/07/19 06:52:50.0594 0892 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/19 06:52:50.0765 0892 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/19 06:52:50.0942 0892 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/19 06:52:51.0002 0892 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/19 06:52:51.0027 0892 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/19 06:52:51.0198 0892 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/19 06:52:51.0255 0892 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/19 06:52:51.0488 0892 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/19 06:52:51.0563 0892 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/19 06:52:51.0745 0892 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/19 06:52:51.0804 0892 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/19 06:52:51.0968 0892 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/19 06:52:52.0169 0892 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/19 06:52:52.0244 0892 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/19 06:52:52.0392 0892 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/19 06:52:52.0593 0892 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/19 06:52:52.0664 0892 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/07/19 06:52:52.0833 0892 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/19 06:52:52.0904 0892 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/07/19 06:52:53.0079 0892 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/07/19 06:52:53.0149 0892 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2011/07/19 06:52:53.0378 0892 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/19 06:52:53.0545 0892 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/19 06:52:53.0620 0892 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/19 06:52:53.0777 0892 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/07/19 06:52:53.0841 0892 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/19 06:52:54.0000 0892 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/07/19 06:52:54.0086 0892 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/19 06:52:54.0280 0892 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/19 06:52:54.0319 0892 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/19 06:52:54.0501 0892 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/19 06:52:54.0569 0892 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/19 06:52:54.0731 0892 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/19 06:52:55.0058 0892 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/19 06:52:55.0293 0892 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/19 06:52:55.0359 0892 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/19 06:52:55.0525 0892 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/19 06:52:55.0577 0892 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/19 06:52:55.0729 0892 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/19 06:52:55.0800 0892 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/19 06:52:55.0942 0892 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/19 06:52:56.0031 0892 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/19 06:52:56.0157 0892 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/19 06:52:56.0250 0892 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/19 06:52:56.0469 0892 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 06:52:56.0490 0892 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 06:52:56.0700 0892 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/19 06:52:56.0758 0892 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/19 06:52:56.0943 0892 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/19 06:52:57.0002 0892 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/19 06:52:57.0231 0892 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/19 06:52:57.0495 0892 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/19 06:52:57.0766 0892 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/19 06:52:58.0070 0892 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/19 06:52:58.0273 0892 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/19 06:52:58.0469 0892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/19 06:52:58.0502 0892 Boot (0x1200) (3d6de53591271eda17a8dfae6010d173) \Device\Harddisk0\DR0\Partition0
2011/07/19 06:52:58.0529 0892 Boot (0x1200) (d3659ef7ae78599e392e0b73a8fc0133) \Device\Harddisk0\DR0\Partition1
2011/07/19 06:52:58.0537 0892 ================================================================================
2011/07/19 06:52:58.0537 0892 Scan finished
2011/07/19 06:52:58.0537 0892 ================================================================================
2011/07/19 06:52:58.0555 2680 Detected object count: 1
2011/07/19 06:52:58.0555 2680 Actual detected object count: 1
2011/07/19 06:53:19.0251 2680 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0

#13
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Delete the copy of ComboFix you have, as it's outdated.

Download ComboFix from any of the links below, but rename it to explorer.exe before saving it to your desktop.

Link 1
Link 2
Link 3


==================================


Double-click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



Next:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.




Next:

Download OTS to your Desktop and double-click on it to run it.
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running, or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.
  • 0

#14
faye1987

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Michael, working on this now, will post shortly.
  • 0

#15
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Are you here?
  • 0