Gmer log for an infected acer laptop


This topic is locked
31 replies to this topic

#1 Autumn933

Autumn933

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 08:25 AM

Hi,

Following is the Gmer log for my infected acer laptop.
-------------------------------------------------------------------------------------------------------

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-24 12:02:20
Windows 6.0.6002 Service Pack 2
Running: ojjwyv8g.exe; Driver: C:\Users\MB\AppData\Local\Temp\fgrdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B200340, 0x291517, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7470A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7473CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1844] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\nvstor32 \Device\Harddisk0\DR0 85471369

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\nvstor32.sys suspicious modification

---- EOF - GMER 1.0.15 ----
-----------------------------------------------------------------------

Elise, thanks for all the help.
Love
Autumn



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 24 November 2009 - 08:49 AM

Hello autumn933,

Welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Bleepingcomputer
  • ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 24 November 2009 - 09:14 AM

Okay, let's get rid of that Norton warning :(

Please follow the instructions carefully. If you have any problems, just ask me.

WBEMTEST
--------------
We need to check the Antivirus/Firewall applications that are registered in Security Center.
Please make sure you do not make any other modifications except for those instructed below!

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK.
4. Click Connect.
5. In the top left box type root\SecurityCenter and click Connect.
6. Click on Query.
7. Type SELECT * FROM AntiVirusProduct and click on Apply.

Posted Image

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result and scroll down to Display name.
If the display name is Norton Internet Security, close the window and then delete the entry.

regards, Elise


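Elise's wbemtest steps above query the AntiVirusProduct class in the root\SecurityCenter WMI namespace. As an added example that is not part of the original thread, the following PowerShell script runs the same query and flags registrations whose product executable is no longer on disk, which is what a leftover entry from an uninstalled product looks like. It assumes Windows Vista's root\SecurityCenter namespace as used in the post (Windows 7 and later moved to root\SecurityCenter2, which is also tried) and that Get-WmiObject is available in an elevated prompt.

```powershell
# Added example, not from the original post: list the antivirus products that
# Security Center has registered (the same data wbemtest shows for
# SELECT * FROM AntiVirusProduct) and mark stale entries.
# Assumptions: root\SecurityCenter on Vista (as in the thread), root\SecurityCenter2
# on Windows 7 and later; both expose displayName, pathToSignedProductExe and
# instanceGuid on AntiVirusProduct.

function Get-RegisteredAntiVirus {
    foreach ($ns in @('root\SecurityCenter', 'root\SecurityCenter2')) {
        try {
            $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop
        } catch {
            # Namespace or class is absent on this Windows version; try the next one.
            continue
        }
        foreach ($p in $products) {
            $exe = [string]$p.pathToSignedProductExe
            # Only treat a real file system path as checkable. Some products
            # (Windows Defender on newer systems) register a URI here instead,
            # which must not be mistaken for a missing binary.
            $isFilePath = $exe -match '^[A-Za-z]:\\'
            $stale = $isFilePath -and -not (Test-Path -LiteralPath $exe)
            New-Object PSObject -Property @{
                Namespace    = $ns
                DisplayName  = $p.displayName
                ProductExe   = $exe
                # A registration whose binary no longer exists was left behind
                # by an uninstall and keeps Security Center reporting the product.
                Stale        = $stale
                InstanceGuid = $p.instanceGuid
            }
        }
    }
}

$registered = Get-RegisteredAntiVirus
$registered | Format-Table Namespace, DisplayName, Stale, ProductExe -AutoSize

# Report stale entries; match the display name seen in wbemtest before acting.
$stale = $registered | Where-Object { $_.Stale -and $_.DisplayName -like 'Norton*' }
foreach ($s in $stale) {
    Write-Host "Stale Security Center entry: $($s.DisplayName) -> $($s.ProductExe)"
    # Deleting the instance is the scripted equivalent of the wbemtest step in
    # the post. Left commented out so the script only reports by default.
    # Get-WmiObject -Namespace $s.Namespace -Class AntiVirusProduct |
    #     Where-Object { $_.instanceGuid -eq $s.InstanceGuid } |
    #     ForEach-Object { $_.Delete() }
}
```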


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 24 November 2009 - 12:34 PM

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise




#5 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 02:42 PM

Thanks for the reply Elise, I will do as you have suggested. (Edit : I tried to download OTL from your link and got a security center warning saying it is unsafe :( should I ignore it?)

Meanwhile, while I was away from Bleeping Computer I ran the Combofix.exe and following happened,

1. I ignored the Norton running warning.
2. Was offered a ComboFix update and clicked yes.
3. ComboFix started to scan and this time went up to stage 13-14 or so, unlike pre-update scans where it only reached stage 3 before aborting.
4. As usual, it suddenly aborted and gave me an arm-long message in the blue window, something along the lines of 'A problem has been detected and Windows has to shut down...'
5. At the bottom of this message I had some more lines giving 'technical information'.

All this happened so fast that I could not read much. Then I was taken to the choose between safe or normal mode screen.

After the computer booted up I got a message saying 'windows has just recovered from something ...'
I copied the 'details', which were as follows:
-----------------------------------------------------------------------------
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 00010D02
BCP3: A5785C2C
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini112409-03.dmp
C:\Users\MB\AppData\Local\Temp\WER-55926-0.sysdata.xml
C:\Users\MB\AppData\Local\Temp\WERC2B2.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

-------------------------------------------------------------------------------

There is no log file to this scan. Unless I am being the usual dumbo and looking in the wrong place.

Thanks for your time. Hope you get this message tonight.
Love Autumn

Edited by Autumn933, 24 November 2009 - 02:44 PM.


#6 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 03:01 PM

Hi Elise,
Followed steps in your reply,

Here is the OTL.Txt
-------------------------------------------------------------------------------------------------------
OTL logfile created on: 24/11/2009 19:55:34 - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\MB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 55.93% Memory free
3.74 Gb Paging File | 2.86 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 14.38 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 32.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: MB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
------------------------------------------------------------------------------------------------------------

And here is the Extras.Txt

------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 24/11/2009 19:55:34 - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\MB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 55.93% Memory free
3.74 Gb Paging File | 2.86 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 14.38 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 32.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: MB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
--------------------------------------------------------------------------------------------------------------------------

Regards
Autumn

#7 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 03:08 PM

Elise, complete OTL Logfile again
--------------------------------------

OTL logfile created on: 24/11/2009 19:55:34 - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\MB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 55.93% Memory free
3.74 Gb Paging File | 2.86 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 14.38 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 32.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: MB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/24 19:50:06 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\MB\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 05:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/18 03:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/11 06:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 06:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 07:33:12 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/19 07:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 07:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/05/15 16:21:26 | 00,323,232 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2006/10/23 19:00:36 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/10/19 21:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/08/05 01:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/07/20 10:36:56 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe

#8 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 03:14 PM

========== Modules (SafeList) ==========

MOD - [2009/11/24 19:50:06 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\MB\Desktop\OTL.exe
MOD - [2009/04/11 06:28:21 | 02,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 07:36:24 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2006/11/02 09:46:13 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006/11/02 09:46:07 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (CLTNetCnService)
SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 04:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/22 19:15:54 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/18 18:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 18:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 18:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/04 10:36:51 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c986b48a96575c) Google Update Service (gupdate1c986b48a96575c)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 07:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/19 07:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/31 09:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/01 18:34:16 | 00,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/01 03:39:10 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 20:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/21 05:43:08 | 00,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/11/17 00:35:18 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/13 08:13:10 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2006/11/02 12:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/19 21:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/08/05 01:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/07/20 10:36:56 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 19:18:07 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/11 04:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/12/29 22:57:56 | 00,952,832 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/11/20 19:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/15 17:53:01 | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2007/12/15 17:53:01 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2007/11/18 02:39:50 | 01,040,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/04 08:00:00 | 00,389,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/04/03 13:57:54 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 00,100,488 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/04/02 22:13:46 | 00,021,632 | ---- | M] (Motorola) -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/02 22:13:46 | 00,017,920 | ---- | M] (Motorola) -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/02/17 23:59:30 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/01/23 20:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/05 20:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/12/13 09:34:06 | 00,031,400 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Metaboli Player\X4HSX32.sys -- (X4HSX32)
DRV - [2006/12/07 12:04:45 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2006/12/06 18:33:54 | 00,006,400 | ---- | M] (Motorola) -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/18 04:07:00 | 04,450,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/13 08:10:32 | 00,069,632 | ---- | M] () -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/10 23:21:16 | 00,007,936 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2006/11/10 23:10:50 | 00,010,624 | ---- | M] (HiTRUST) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2006/11/09 03:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/09 00:11:30 | 00,053,760 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2006/11/03 04:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 09:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 07:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/24 18:40:28 | 00,532,992 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/10/24 18:40:28 | 00,532,992 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/23 19:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/19 02:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/10/18 19:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 19:08:14 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 19:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/15 16:44:18 | 00,011,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/08/29 02:30:04 | 00,013,952 | ---- | M] () -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/08/05 01:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/06 21:44:00 | 00,168,448 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/19 22:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/06/06 09:51:06 | 00,022,528 | ---- | M] (WALTOP International Corp.) -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2005/11/29 22:22:00 | 00,806,320 | ---- | M] (Bison Electronics. Inc. ) -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2003/09/20 07:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\Windows\System32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\S-1-5-21-412228837-1739839924-1172337188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\S-1-5-21-412228837-1739839924-1172337188-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 15:16:05 | 00,000,000 | ---D | M]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\atwtusb.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-412228837-1739839924-1172337188-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-412228837-1739839924-1172337188-1000..\Run: [Google Update] C:\Users\MB\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...b/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/23.30/uploader2.cab (UploadListView Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://www.playfirst.com/play/game/dinerda...tg.1.0.0.32.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbdesktop/...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://www.shockwave.com/content/cinematyc...inematycoon.cab (TikGames Online Control)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://www.playfirst.com/play/game/dinerda...sh.1.0.0.93.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/07 12:05:10 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{984c2127-d4f4-11de-b236-0016d34f2fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{984c2127-d4f4-11de-b236-0016d34f2fdf}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{c1749efd-d46b-11de-8ea3-0016d34f2fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{c1749efd-d46b-11de-8ea3-0016d34f2fdf}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/24 19:50:03 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\MB\Desktop\OTL.exe
[2009/11/24 19:18:03 | 00,110,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2009/11/24 19:18:02 | 00,035,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2009/11/24 19:18:01 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/11/24 19:16:37 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/24 19:16:06 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/24 18:52:43 | 03,168,537 | -H-- | C] () -- C:\Users\MB\AppData\Local\IconCache.db
[2009/11/24 16:20:19 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/24 14:21:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/24 14:21:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/24 14:21:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/24 14:21:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/24 14:11:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/24 13:53:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/23 17:48:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/23 17:48:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/23 17:48:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/23 14:44:16 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/23 13:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\AxBx
[2009/11/23 11:45:44 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\Malwarebytes
[2009/11/23 11:45:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/23 11:44:20 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MB\Desktop\mbam-setup.exe
[2009/11/23 10:15:11 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/11/23 10:14:52 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\SUPERAntiSpyware.com
[2009/11/23 10:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/23 08:05:04 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/11/23 02:48:28 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\Mozilla
[2009/11/22 17:19:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/11/22 17:01:08 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Local\Threat Expert
[2009/11/21 14:41:04 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\Big Fish Games
[2009/11/21 14:40:30 | 00,000,000 | ---D | C] -- C:\Program Files\Azada Ancient Magic
[2009/11/21 00:25:55 | 00,000,000 | ---D | C] -- C:\Program Files\Big Fish Games Hide & Secret 3 Pharaohs Quest
[2009/11/20 23:22:19 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\Artogon
[2009/11/20 21:50:28 | 00,000,000 | ---D | C] -- C:\ProgramData\HideAndSecret3
[2009/11/20 21:50:18 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/11/19 17:38:47 | 00,000,000 | ---D | C] -- C:\Program Files\Snowball Studios
[2009/11/18 18:11:58 | 00,000,000 | ---D | C] -- C:\Users\MB\Documents\CoM
[2009/11/18 17:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2009/11/17 12:41:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/17 12:39:53 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/17 12:39:51 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/17 12:39:51 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/17 12:39:21 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/17 12:39:21 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/17 12:39:21 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/11/17 12:39:21 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/17 12:39:20 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/17 12:39:20 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/17 12:39:20 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/17 12:39:20 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/17 12:39:20 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/17 12:39:20 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/17 12:39:20 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/17 12:39:20 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/17 12:39:20 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/17 12:39:20 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/17 12:39:20 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/17 12:39:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/17 12:39:19 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/17 12:39:19 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/17 12:39:19 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/17 12:39:19 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/17 12:39:19 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/17 12:39:19 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/17 12:39:19 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/17 12:39:19 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/17 12:39:19 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/17 12:39:19 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/17 12:39:19 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/17 12:38:48 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/11/17 12:38:48 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/17 12:38:48 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/17 12:38:38 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/17 12:38:36 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/17 12:38:35 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/11/17 12:38:35 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/17 12:38:35 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/17 12:38:35 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/17 12:38:35 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/17 12:38:35 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/17 12:38:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/17 12:38:35 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/17 12:38:35 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/11/17 12:38:35 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/17 12:38:35 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/11/17 12:37:28 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/17 12:37:28 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/11/17 12:37:28 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/16 16:38:01 | 00,000,000 | ---D | C] -- C:\Users\MB\Desktop\New Folder
[2009/11/16 08:14:44 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/16 08:14:43 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/11 17:43:44 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 17:43:31 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/09 21:57:05 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\Gogii
[2009/11/08 15:38:24 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/08 15:38:24 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/08 15:38:24 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/05 23:46:02 | 00,000,000 | ---D | C] -- C:\VIPRERESCUE
[2009/11/05 23:44:38 | 00,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2009/11/05 23:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/11/05 12:31:22 | 00,000,000 | -H-D | C] -- C:\ProgramData\SugarGames
[2009/11/05 12:28:48 | 00,000,000 | ---D | C] -- C:\Users\MB\Desktop\Downloads
[2009/10/29 10:28:35 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/29 10:28:35 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/29 10:28:34 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/29 10:28:34 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/29 10:28:11 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/29 10:28:11 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/29 10:28:11 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/29 10:27:56 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/29 10:27:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/28 18:04:41 | 00,000,000 | ---D | C] -- C:\Users\MB\AppData\Roaming\EscapeFromParadise2
[2009/10/28 14:42:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Escape From Paradise
[2009/10/28 11:57:19 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 11:57:18 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 11:57:17 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 14:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\PC-home
[2009/10/26 13:58:37 | 00,000,000 | ---D | C] -- C:\Users\MB\Desktop\torrent
[2006/12/07 12:18:24 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[24 C:\Users\MB\Desktop\*.tmp files -> C:\Users\MB\Desktop\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/24 19:55:37 | 03,407,872 | -HS- | M] () -- C:\Users\MB\ntuser.dat
[2009/11/24 19:50:06 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\MB\Desktop\OTL.exe
[2009/11/24 19:48:00 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-412228837-1739839924-1172337188-1000UA.job
[2009/11/24 19:46:00 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/24 19:34:20 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/24 19:34:20 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/24 19:34:20 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/24 19:30:11 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/24 19:28:45 | 00,034,916 | ---- | M] () -- C:\Users\MB\AppData\Roaming\nvModes.001
[2009/11/24 19:28:28 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 19:28:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 19:27:43 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/24 19:27:43 | 00,000,306 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2009/11/24 19:27:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/24 19:27:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 19:27:08 | 18,776,55552 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 19:27:05 | 15,374,2229 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/24 19:18:07 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2009/11/24 18:54:58 | 00,265,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/24 18:52:48 | 00,524,288 | -HS- | M] () -- C:\Users\MB\ntuser.dat{e2389cf6-3d23-11dd-903e-0016d34f2fdf}.TMContainer00000000000000000001.regtrans-ms
[2009/11/24 18:52:48 | 00,065,536 | -HS- | M] () -- C:\Users\MB\ntuser.dat{e2389cf6-3d23-11dd-903e-0016d34f2fdf}.TM.blf
[2009/11/24 18:52:43 | 03,168,537 | -H-- | M] () -- C:\Users\MB\AppData\Local\IconCache.db
[2009/11/24 18:50:45 | 00,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3695A4B0-609E-46C8-8F67-609652008682}.job
[2009/11/24 18:44:29 | 03,574,755 | R--- | M] () -- C:\Users\MB\Desktop\ComboFix.exe
[2009/11/24 11:27:01 | 00,292,352 | ---- | M] () -- C:\Users\MB\Desktop\ojjwyv8g.exe
[2009/11/24 10:17:19 | 00,034,304 | ---- | M] () -- C:\Users\MB\Desktop\Hi.doc
[2009/11/24 08:48:00 | 00,000,842 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-412228837-1739839924-1172337188-1000Core.job
[2009/11/23 17:48:58 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 17:48:14 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MB\Desktop\mbam-setup.exe
[2009/11/23 17:45:55 | 00,000,890 | ---- | M] () -- C:\Users\MB\Desktop\Multi Virus Cleaner 2009.lnk
[2009/11/23 13:47:45 | 03,018,858 | ---- | M] () -- C:\Users\MB\Desktop\mvc.zip
[2009/11/23 13:45:20 | 14,308,680 | ---- | M] () -- C:\Users\MB\Desktop\winzip140.exe
[2009/11/21 22:18:30 | 00,524,288 | -HS- | M] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TMContainer00000000000000000002.regtrans-ms
[2009/11/21 22:18:30 | 00,524,288 | -HS- | M] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TMContainer00000000000000000001.regtrans-ms
[2009/11/21 22:18:30 | 00,065,536 | -HS- | M] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TM.blf
[2009/11/21 17:07:36 | 49,124,918 | ---- | M] () -- C:\Users\MB\Documents\Dream Chronicles The Chosen Child.zip
[2009/11/20 10:16:06 | 00,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000F69.LCS
[2009/11/19 14:02:15 | 00,000,038 | ---- | M] () -- C:\Users\MB\jagex_runescape_preferences.dat
[2009/11/19 14:01:57 | 00,000,063 | ---- | M] () -- C:\Users\MB\jagex_runescape_preferences2.dat
[2009/11/17 12:41:14 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 12:40:56 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 22:44:23 | 00,948,398 | ---- | M] () -- C:\Users\MB\Desktop\Leh1.jpg
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/05 17:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[24 C:\Users\MB\Desktop\*.tmp files -> C:\Users\MB\Desktop\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


========== Files Created - No Company Name ==========

[2009/11/24 19:27:07 | 18,776,55552 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/24 18:52:43 | 03,168,537 | -H-- | C] () -- C:\Users\MB\AppData\Local\IconCache.db
[2009/11/24 16:20:08 | 15,374,2229 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/24 14:21:35 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/24 14:21:35 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/24 14:21:35 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/24 14:21:35 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/24 14:21:35 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/24 13:52:56 | 03,574,755 | R--- | C] () -- C:\Users\MB\Desktop\ComboFix.exe
[2009/11/24 11:26:59 | 00,292,352 | ---- | C] () -- C:\Users\MB\Desktop\ojjwyv8g.exe
[2009/11/24 10:17:19 | 00,034,304 | ---- | C] () -- C:\Users\MB\Desktop\Hi.doc
[2009/11/23 17:48:58 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 13:49:12 | 00,000,890 | ---- | C] () -- C:\Users\MB\Desktop\Multi Virus Cleaner 2009.lnk
[2009/11/23 13:47:29 | 03,018,858 | ---- | C] () -- C:\Users\MB\Desktop\mvc.zip
[2009/11/23 13:45:08 | 14,308,680 | ---- | C] () -- C:\Users\MB\Desktop\winzip140.exe
[2009/11/21 22:06:42 | 00,524,288 | -HS- | C] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TMContainer00000000000000000002.regtrans-ms
[2009/11/21 22:06:42 | 00,524,288 | -HS- | C] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TMContainer00000000000000000001.regtrans-ms
[2009/11/21 22:06:42 | 00,065,536 | -HS- | C] () -- C:\Users\MB\ntuser.dat{68b13ac5-d6e7-11de-af0d-0016d34f2fdf}.TM.blf
[2009/11/21 20:17:06 | 49,124,918 | ---- | C] () -- C:\Users\MB\Documents\Dream Chronicles The Chosen Child.zip
[2009/11/19 17:43:06 | 00,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000F69.LCS
[2009/11/17 12:41:14 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/17 12:40:56 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/16 21:58:52 | 00,948,398 | ---- | C] () -- C:\Users\MB\Desktop\Leh1.jpg
[2009/10/14 18:10:12 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/24 15:41:19 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/24 15:40:26 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2008/06/26 08:36:19 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/03/29 13:57:42 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/21 18:49:03 | 00,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2008/01/01 15:32:18 | 00,006,383 | ---- | C] () -- C:\Windows\aiptbl.ini
[2007/10/23 16:47:56 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/06/20 17:23:26 | 00,000,268 | RH-- | C] () -- C:\ProgramData\Basic Track
[2007/06/20 17:23:26 | 00,000,268 | RH-- | C] () -- C:\Users\MB\AppData\Roaming\Automatic Filter
[2007/06/20 17:23:26 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2007/06/20 17:23:26 | 00,000,012 | RH-- | C] () -- C:\ProgramData\Bass Reduction
[2007/06/20 17:13:45 | 00,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2007/05/02 16:50:43 | 00,036,106 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/03/23 21:20:01 | 00,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2007/03/23 21:20:01 | 00,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2007/03/20 20:27:19 | 00,000,064 | ---- | C] () -- C:\Windows\CIV.INI
[2007/03/20 20:17:38 | 00,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/02/17 23:58:58 | 00,192,512 | ---- | C] () -- C:\Windows\System32\blkwcd.dll
[2007/02/17 23:58:58 | 00,167,936 | ---- | C] () -- C:\Windows\System32\BelkinwcuiDLL.dll
[2007/02/17 23:58:58 | 00,101,888 | ---- | C] () -- C:\Windows\System32\CrashRpt.dll
[2007/02/17 23:58:58 | 00,061,440 | ---- | C] () -- C:\Windows\System32\BelkinHWStatus.dll
[2007/02/17 23:58:58 | 00,053,248 | ---- | C] () -- C:\Windows\System32\preflib.dll
[2007/02/13 20:07:49 | 00,059,688 | ---- | C] () -- C:\Users\MB\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2007/02/05 20:29:35 | 00,779,776 | ---- | C] () -- C:\Windows\System32\cp211_main.dll
[2007/02/05 20:29:35 | 00,226,304 | ---- | C] () -- C:\Windows\System32\cp211_msjava.dll
[2007/02/05 20:29:35 | 00,133,120 | ---- | C] () -- C:\Windows\System32\cp211_vrml1to2.dll
[2007/02/05 20:29:34 | 00,285,184 | ---- | C] () -- C:\Windows\System32\cp211_graphicslarge8.dll
[2007/02/05 20:29:34 | 00,285,184 | ---- | C] () -- C:\Windows\System32\cp211_graphicslarge16.dll
[2007/02/05 20:29:34 | 00,252,416 | ---- | C] () -- C:\Windows\System32\cp211_javascript.dll
[2007/02/05 20:29:34 | 00,167,936 | ---- | C] () -- C:\Windows\System32\cp211_graphicsmed8.dll
[2007/02/05 20:29:34 | 00,167,936 | ---- | C] () -- C:\Windows\System32\cp211_graphicsmed16.dll
[2007/02/05 20:29:34 | 00,057,856 | ---- | C] () -- C:\Windows\System32\cp211_graphicssmall8.dll
[2007/02/05 20:29:34 | 00,057,856 | ---- | C] () -- C:\Windows\System32\cp211_graphicssmall16.dll
[2007/02/05 20:29:34 | 00,049,152 | ---- | C] () -- C:\Windows\System32\cp211_lang.dll
[2007/02/05 20:29:34 | 00,026,624 | ---- | C] () -- C:\Windows\System32\cp211_basic.dll
[2007/02/05 20:29:34 | 00,013,312 | ---- | C] () -- C:\Windows\System32\cp211_graphicspos.dll
[2007/02/02 16:33:54 | 00,085,504 | ---- | C] () -- C:\Users\MB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/01 01:19:45 | 00,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/02/01 01:19:45 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/02/01 01:18:28 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/02/01 01:12:00 | 00,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/02/01 01:11:00 | 00,034,916 | ---- | C] () -- C:\Users\MB\AppData\Roaming\nvModes.001
[2007/02/01 01:10:55 | 00,034,916 | ---- | C] () -- C:\Users\MB\AppData\Roaming\nvModes.dat
[2007/02/01 01:08:55 | 00,059,688 | ---- | C] () -- C:\Users\MB\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/01/31 20:49:24 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/01/16 12:25:48 | 00,022,723 | ---- | C] () -- C:\Windows\System32\clpa1l3.dll
[2006/12/28 17:48:31 | 00,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2006/12/07 13:44:32 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/07 12:18:26 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/07 12:05:27 | 00,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/07 12:04:14 | 00,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006/12/02 07:24:39 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2006/12/02 07:24:39 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2006/12/02 07:24:39 | 00,204,800 | ---- | C] () -- C:\Windows\Capsule.dll
[2006/12/02 07:24:39 | 00,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2006/12/02 07:24:38 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/16 21:20:38 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006/11/16 21:20:20 | 00,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006/11/16 21:20:10 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006/11/16 21:19:10 | 00,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006/11/16 21:19:04 | 00,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006/11/16 21:18:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/11/16 21:18:50 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/11/16 21:18:06 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 12:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 12:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 12:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 00,690,960 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 10:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 10:23:31 | 00,000,322 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 10:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 07:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 07:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 07:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 07:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 07:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 07:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 07:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 07:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 07:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 07:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 07:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 07:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 07:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 07:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 06:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2004/08/18 13:00:00 | 00,035,840 | -H-- | C] () -- C:\Windows\System32\msls50.dll
[2001/12/26 23:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/25 12:00:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\HWINV.DLL
[2001/07/25 12:00:10 | 00,026,572 | ---- | C] () -- C:\Windows\System32\INV16.DLL
[2001/07/24 05:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:8FDE078B
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0C85CAF3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:375FC7E7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:55818279
< End of report >

#9 Autumn933

  • Topic Starter

  • Members
  • 27 posts

Posted 24 November 2009 - 03:19 PM

Here is the EXTRA TEXT now.

--------------------------------------------------------

OTL Extras logfile created on: 24/11/2009 19:55:34 - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\MB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 55.93% Memory free
3.74 Gb Paging File | 2.86 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51.99 Gb Total Space | 14.38 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 51.98 Gb Total Space | 32.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: MB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)


========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FA2B5C-F263-4860-9920-6CBFD1FACED4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0FD80843-CB9D-4147-A674-1B85C9A3E0CE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{19F24FF9-5A6A-4B04-BDA3-41819921D6FE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{22591082-07CA-4326-B050-080B6E3FBAB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27BABA64-1CC5-460A-853C-E527CC824CA2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3CD16E0C-715B-4063-A9B3-F3F7040B03DE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{45EC83F2-F466-4773-97E2-CB8CA13433D9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{649BF011-1023-4800-A265-5CB8C5C654B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6900F47A-477D-466E-93E4-97CCCB83146E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71CE3E6E-A18B-4A96-B92F-8FA897A8F7F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{811C8D21-F292-4FD4-B35A-FFC68376F9E3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{81CF7D36-8BC0-4445-9616-4C19CA2552AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{884311C7-4C30-45BA-803D-F19456883938}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{90D7AA2F-3F2E-47EA-A5BB-070BBD7EEC99}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A3EFD4A6-F116-4213-B46F-E11B407A3A3C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D18CAD57-3F03-48E0-A85E-41CF023ADE62}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF26319E-754F-455C-88C6-48DD0C9442EA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E0C2ED78-0EF9-4554-80C3-AF645D22FD68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E53A6B1C-409D-420D-9977-DBE968583C8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E79EBA09-0EBA-450F-9719-29A0658FAA1D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF9A6EE0-BB4B-4A00-81DE-F9660E43234A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3E332CF-557F-44D2-ACDA-FA16ACB32ACD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F92B362B-C8ED-4550-8F51-36CD5EE91AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0134B0C3-4225-4ED4-80E6-9489DDED33F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0255FFAE-8666-4A64-86AB-441F452276D6}" = protocol=6 | dir=out | app=system |
"{04712787-970F-48D6-8697-CA1826F64261}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{110EE12F-13BA-4EE5-A92E-38A139A01B0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1826F07E-DB68-4862-8347-EBDA59B1B6E7}" = protocol=6 | dir=in | app=c:\program files\morpheus\morpheus.exe |
"{1A8D9EAF-B23D-43CB-998E-8AE32AA8DB27}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B755953-EFE3-41CF-9C65-416CBCFDC842}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{2BAD7686-C09B-48C9-952E-5D9688A82F67}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D718134-2B8F-41FD-A1A3-9DB276B6750F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41C9F85B-7F40-4682-89A2-3BC69597887D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A4F4233-C741-4C88-8FFE-2101048F0D3A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{4BEB69D5-C5B2-4847-9076-3DE8A4680538}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55EE17D1-EA35-4BE9-B095-260092E95DD1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{59E498D6-A528-4B65-9512-763D8E2C88FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5ED34AAE-5F8B-4F81-B3EA-E8620721082E}" = protocol=17 | dir=in | app=c:\program files\morpheus\morpheus.exe |
"{61FA0D00-7A54-4E4E-9CE7-ECAC7536D3BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66EBAD39-1329-452D-B5CD-A474DEC2FB3B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6826F275-9750-4289-A6D1-896037DBE880}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C3BC7B1-9B8B-40A1-91DE-7B3A561C61EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78F9F80E-77EE-41F9-84F6-A5A1A5F1955E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80E57164-A9C5-44AE-9DA2-CA4E0FD85530}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90FE9840-2584-419B-A0C8-5BB2927D5A2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92C0F0C3-B634-4976-9617-0230F293E093}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{97F78614-AC40-4C7D-AA22-6F5E091A3BB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9BDEF54D-3E94-45FF-B417-4B2B6F140BB7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A24D367E-3ABC-47E5-B75D-DB3904F906A5}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A7664FF0-CD20-4AAE-AB21-9DF0F03700CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7AD75C-8FDC-47CB-BC50-77F4ECBE8034}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B6CF7113-434A-463F-8E53-004FBF33A188}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C1990356-814B-4F86-B2DC-14464FAD9AE5}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{C61F8405-A7EE-4AB2-AB57-3D1CB1744931}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAF2A3A0-6728-48B7-92C0-A06140D819A5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E0636647-E6AF-43C3-AEC8-1A95D2BB5FDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2F10064-AE69-480B-8F7C-3FF4203A293E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F74E51B9-BEC5-4FE7-92E2-A9275D130F4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA0E0E00-60D6-4848-AB27-B3A74BB2A0AD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FE7364EE-3906-498E-9D93-3F773104974B}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"TCP Query User{1C3B376E-365F-4FF7-AADB-479C4573CA53}C:\program files\dofus-arena beta 2\dofusarena.exe" = protocol=6 | dir=in | app=c:\program files\dofus-arena beta 2\dofusarena.exe |
"TCP Query User{334C93BE-067D-4822-B60B-0F5F7503C445}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{5A3E6C68-8B1B-499E-8175-90D361B998CA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5BCC3726-7502-4812-BD26-97D3F29B33E9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{A42AABEB-6069-47B7-9957-366E03C4C074}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{AABF2779-E8FE-48A7-8466-8B1CF6577992}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{B743EFAB-C7D4-45F6-9644-86BDA63A92BA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E238E4C8-57C9-49DA-BA24-84386BA84DCC}E:\server\mmserv.exe" = protocol=6 | dir=in | app=e:\server\mmserv.exe |
"TCP Query User{E29F841D-3059-48E6-B3CE-B7684C702E6E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E8D95263-975A-420E-8E56-43222035E7F9}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{F1382E7D-6BFC-4904-86CB-3F96FC40E555}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3980D4D6-15E9-46FC-8F0F-9757E77A8954}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{3C3BD031-C107-4481-91A1-A2162CF6EE8F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{6896AA58-4C16-4F0E-88FC-252436133A6B}C:\program files\dofus-arena beta 2\dofusarena.exe" = protocol=17 | dir=in | app=c:\program files\dofus-arena beta 2\dofusarena.exe |
"UDP Query User{6AC1FA90-FCCE-4903-A617-EABB32388090}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{73EA071D-CB8A-446D-843F-D62039EC64ED}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8713C12E-6D3B-4F21-AAD3-D197C44ED8E7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8D784CDA-25D8-4687-A581-855A3B0341D2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{BEB86D0E-C653-4AB1-B3BA-B4F7B78EAAA3}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{D005F94E-43BB-49E1-817A-82A1E37FC3EB}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E313B2BB-3B13-455B-A366-1047EE0A2177}E:\server\mmserv.exe" = protocol=17 | dir=in | app=e:\server\mmserv.exe |
"UDP Query User{F7DA6C58-530F-42A1-B4FE-E9D7056BB5EE}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0143CF89-5CF2-4F2D-80D5-BFAE64E1BA00}" = MITs Wizard 3.0 for Device
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Metaboli Player
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{307F566E-3DCF-4A6C-A149-FE47F39A1BA4}_is1" = Power CD+G Player Pro
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{52F6065D-27D0-4680-B2BC-C49C9A252459}" = Motorola Driver Installation
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EC59BF9E-39D5-3108-A34B-12FB60ECAF8B}" = Google Talk Plugin
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F07C011F-82D0-42CE-B2A6-28CD4BF385E2}" = Belkin 802.11g Wireless Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity_is1" = Audacity 1.2.6
"Azureus" = Azureus
"burnatonce_is1" = burnatonce
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cosmo Player 2.1.1" = Cosmo Player 2.1.1 (41451)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Glary Utilities_is1" = Glary Utilities 2.10.0.622
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HyperCam 2" = HyperCam 2
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Junior Jyotish_is1" = Junior Jyotish 1.09v
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"Nikon FotoShare" = Nikon FotoShare
"NVIDIA Drivers" = NVIDIA Drivers
"PhoneModeSwitch" = Phone Mode Switch
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Retriever_is1" = Retriever 1.1.4.0
"Rmtablet" = 1200-V2 WIRELESS SCROLL TABLET
"Shockwave" = Shockwave
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Yahoo! Messenger" = Yahoo! Messenger

#10 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 03:21 PM

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-412228837-1739839924-1172337188-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/02/2008 18:18:01 | Computer Name = LAPTOP | Source = EventSystem | ID = 4609
Description =

Error - 13/03/2008 08:53:30 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6000.16609 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d0c Start Time: 01c88504b899475a Termination Time: 708

Error - 15/03/2008 11:00:54 | Computer Name = LAPTOP | Source = VSS | ID = 8194
Description =

Error - 15/03/2008 11:02:34 | Computer Name = LAPTOP | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15/03/2008 11:02:35 | Computer Name = LAPTOP | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/03/2008 05:44:10 | Computer Name = LAPTOP | Source = VSS | ID = 8194
Description =

Error - 16/03/2008 05:45:22 | Computer Name = LAPTOP | Source = System Restore | ID = 8193
Description =

Error - 16/03/2008 15:53:04 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0,
faulting module RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0, exception code
0xc0000005, fault offset 0x00232bb6, process id 0x1040, application start time 0x01c8879f1e90e020.

Error - 16/03/2008 16:08:43 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0,
faulting module RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0, exception code
0xc0000005, fault offset 0x00232bb6, process id 0x4a4, application start time 0x01c887a09a975726.

Error - 17/03/2008 16:55:36 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = The program TycoonCity.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c90 Start Time: 01c8886603f1993f Termination Time: 85

[ Media Center Events ]
Error - 19/09/2007 04:02:36 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 22/09/2007 04:45:41 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 16/04/2008 10:11:16 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 22/05/2008 08:19:13 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 25/05/2008 05:51:53 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/05/2008 09:10:21 | Computer Name = LAPTOP | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description =


< End of report >
---------------------------------------------------

That is all of it. It took me about 20 mins to post it; how on earth are you going to be able to read all this! I bow to thee :(

Love
Autumn
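The "Last 10 Event Log Errors" block above is the part of an OTL report that is quickest to read by machine. The following is an added example, not code from the thread or from the OTL tool: it parses that block into records (section, timestamp, computer, source, event ID, wrapped description joined into one string) and then counts repeating (section, source, ID) triples and bursts of errors that share the same second. The sample text is a constructed subset of the lines posted above, in the same layout.

```python
"""Parse the "Last 10 Event Log Errors" block of an OTL log into records
and summarise repeating (section, source, event id) triples.
Added example; not OTL's own code."""
import re
from collections import Counter
from datetime import datetime

# One 'Error - ...' header line: date/time, computer name, source, event id.
HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<computer>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")

# Constructed sample in the OTL layout shown in the thread (a subset of its lines).
SAMPLE_LOG = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/03/2008 15:53:04 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0,
faulting module RtMI.exe, version 0.0.0.0, time stamp 0x4164f8c0, exception code
0xc0000005, fault offset 0x00232bb6, process id 0x1040, application start time 0x01c8879f1e90e020.

[ System Events ]
Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description =

Error - 24/11/2009 15:28:16 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description =

< End of report >
"""


def parse_event_errors(text):
    """Return one dict per 'Error - ...' record; a wrapped Description is
    joined into a single string. A blank line or the end-of-report marker
    closes the current record."""
    records = []
    section = None
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "time": datetime.strptime(m.group("ts"), "%d/%m/%Y %H:%M:%S"),
                "computer": m.group("computer"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            records.append(current)
            continue
        if current is None:
            continue
        if line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif line == "" or line.startswith("<"):
            current = None
        else:
            # continuation of a description that OTL wrapped onto the next line
            current["description"] = (current["description"] + " " + line).strip()
    return records


def summarise(records):
    """Count (section, source, id) triples and find bursts of errors that
    share one timestamp, which usually points at a single boot or logon."""
    by_key = Counter((r["section"], r["source"], r["id"]) for r in records)
    by_second = Counter(r["time"] for r in records)
    bursts = {ts: n for ts, n in by_second.items() if n > 1}
    return by_key, bursts


if __name__ == "__main__":
    recs = parse_event_errors(SAMPLE_LOG)
    counts, bursts = summarise(recs)
    for key, n in counts.most_common():
        print(f"{n:3d}  {key}")
    for ts, n in bursts.items():
        print(f"{n} errors at {ts:%Y-%m-%d %H:%M:%S}")
```

Run over the full block from the post, the burst count makes the pattern visible at a glance: every System event in the list carries the same timestamp and comes from the Service Control Manager, so the parser reports one burst rather than ten unrelated errors.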

#11 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 03:30 PM

Found the Quarantine folder in c:\qoobox

Found three items in it

C (a folder that is empty)
Registry_Backups (a folder that is empty)
Catchme.log (it has the following text)


-------- 2009-11-24 - 14:11:06 -------------


-------- 2009-11-24 - 14:21:23 -------------


-------- 2009-11-24 - 16:15:46 -------------

error: 31

-------- 2009-11-24 - 16:22:56 -------------


-------- 2009-11-24 - 17:00:41 -------------

error: 31

-------- 2009-11-24 - 18:43:44 -------------


-------- 2009-11-24 - 18:45:48 -------------


-------- 2009-11-24 - 19:03:28 -------------

error: 31

-------- 2009-11-24 - 19:16:39 -------------

error: 31

Autumn

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 24 November 2009 - 03:31 PM

Please make sure you have a new copy of Combofix on your desktop.

Press Windows key + R; this will bring up a run box. Copy/paste the following bolded text into the run box and press Enter.

"%userprofile%\desktop\combofix.exe" /killall

This should start Combofix. Let me know how it runs.

Edited by elise025, 24 November 2009 - 04:25 PM.
fixed the command

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Autumn933

Autumn933
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 24 November 2009 - 05:35 PM

Hi again Elise,

I went back into chat but you were gone by then bless you. I think I made you stay up past midnight :(

Norton did not bother me after uninstalling it using the tool you directed me to.

But again Combofix did not scan in normal mode, stayed stuck and never showed me any stages.

Then I tried it in Safe Mode so at least I could give you 'some' text, but again it aborted soon after stage 17 and the computer started to reboot.

Hope to see you tomorrow and thanks a million for all your help so far.

Love
Autumn

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 25 November 2009 - 03:17 AM

Hello again, let's try to remove that rootkit with the following tool.
  • Please download TDSSKiller.rar and save it to your desktop.
  • Extract the rar file to your desktop.
  • Double click on TDSSKiller.exe to run it.
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
After that, please google around a bit and see if you still get redirected. Let me know (in IRC is fine) how that went.

regards, Elise


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,200 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:58 AM

Posted 25 November 2009 - 04:18 AM

Hello Autumn933,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    nvstor32.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next reply, please include the following:
  • SystemLook.txt

regards, Elise


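A rough stand-in for what the `:filefind nvstor32.sys` directive in the post above asks SystemLook to do, written here as an added example (it is not SystemLook's code and not part of the thread): walk a directory tree, report every copy of the named file with its size, modification time and SHA-256, and group the copies by hash so a defender can see at once whether the copy under `System32\drivers` matches the backup copies elsewhere on the disk. The sample tree, its paths and the file contents are constructed placeholders, not a real driver image; the case-insensitive match reflects Windows filename semantics.

```python
"""Locate every copy of a named file under a root, with size, mtime and
SHA-256, and group the copies by digest. Added example, not SystemLook's code."""
import fnmatch
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_files(root, pattern):
    """Walk root and return one dict per file whose name matches pattern
    (case-insensitive glob, since Windows filenames are case-insensitive).
    Unreadable files are reported with an 'error' key instead of being skipped."""
    hits = []
    pat = pattern.lower()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not fnmatch.fnmatchcase(name.lower(), pat):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                digest = sha256_of(path)
            except OSError as exc:
                hits.append({"path": path, "error": str(exc)})
                continue
            hits.append({
                "path": path,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
                "sha256": digest,
            })
    return hits


def group_by_hash(hits):
    """Map digest -> list of paths. More than one digest for the same filename
    means the copies differ and the live one should be compared with its backup."""
    groups = {}
    for h in hits:
        if "sha256" in h:
            groups.setdefault(h["sha256"], []).append(h["path"])
    return groups


def build_sample_tree():
    """Constructed sample (hypothetical layout, placeholder bytes): two identical
    copies of nvstor32.sys and one differing copy, plus an unrelated file."""
    root = tempfile.mkdtemp(prefix="filefind_")
    layout = {
        os.path.join("Windows", "System32", "drivers", "nvstor32.sys"): b"driver-image-A",
        os.path.join("Windows", "System32", "DriverStore", "nvstor32.sys"): b"driver-image-A",
        os.path.join("Windows", "Temp", "NVSTOR32.SYS"): b"driver-image-B",
        os.path.join("Windows", "System32", "drivers", "other.sys"): b"unrelated",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_files(root, "nvstor32.sys")
    for h in hits:
        print(h.get("error") or f"{h['size']:>8} {h['mtime']:%Y-%m-%d %H:%M:%S} {h['sha256'][:16]} {h['path']}")
    for digest, paths in group_by_hash(hits).items():
        print(f"{digest[:16]}  x{len(paths)}")
```

Pointing `find_files` at a real system root (for example the drive root of the affected machine) gives the same kind of listing SystemLook produces; the hash grouping is the extra step that tells a helper whether a driver file on disk still matches the copies Windows keeps for it.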