
Trojan virus on windows 7 laptop


9 replies to this topic

#1 Rocky O


  • Members
  • 4 posts

Posted 07 July 2010 - 12:39 AM

Hello, I am having problems with my laptop. I think I accidentally downloaded a trojan virus, since my virus scans are telling me so, and I also cannot run certain scans on my computer.

After I also looked at the preparation guide, I cannot run the 'gmer.exe' program properly. It gives this error: "C:\Windows\system32\config\system: The system cannot find the file specified."


Here is a DDS log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Mark at 22:12:54.14 on 06/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3967.2257 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Mark\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mark\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
uRun: [Google Update] "c:\users\mark\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\mark\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\exyi1jym.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\exyi1jym.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\profiles\exyi1jym.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\users\mark\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\mark\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\minefield\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\minefield\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\minefield\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\minefield\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\minefield\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\minefield\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\minefield\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\minefield\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\minefield\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\minefield\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 60);
c:\program files (x86)\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
c:\program files (x86)\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
c:\program files (x86)\minefield\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
c:\program files (x86)\minefield\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\minefield\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-10-1 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-10-1 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-10-1 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-4-14 308064]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-6 191000]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-6 30232]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-11-3 31744]
S3 P0870Dev;Creative WebCam Live! Motion;c:\windows\system32\drivers\P0870Dev.sys [2009-12-23 161920]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-16 50176]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1255736]

=============== Created Last 30 ================

2010-07-07 04:33:20 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2010-07-07 04:32:56 0 d-----w- c:\program files (x86)\Panda Security
2010-07-07 04:29:57 0 d-----w- c:\program files (x86)\Trend Micro
2010-06-26 13:01:57 0 d-----w- C:\9a5930451b524d479e8881
2010-06-25 11:03:10 0 d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2010-06-25 10:58:51 0 d-----w- c:\program files (x86)\Virtual Villagers 4 - The Tree of Life
2010-06-25 10:47:32 0 d-----w- c:\users\mark\appdata\roaming\GameHouse
2010-06-25 10:44:26 0 d-----w- c:\program files (x86)\Nevosoft
2010-06-25 06:53:27 0 d-----w- c:\program files (x86)\Games
2010-06-24 11:01:18 262144 ---ha-w- c:\windows\DUMPb6c0.DMP
2010-06-23 06:33:33 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-23 06:33:33 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-23 06:33:33 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 06:33:33 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 06:33:33 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 06:33:33 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-23 06:33:33 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-23 06:33:33 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 06:33:33 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-23 06:33:33 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 05:10:36 0 d-----w- c:\program files (x86)\Murder She Wrote
2010-06-23 05:07:12 0 d-----w- c:\program files (x86)\Cate West - The Vanishing Files
2010-06-23 05:05:59 0 d-----w- c:\program files (x86)\Artist Colony
2010-06-23 04:56:12 0 d-----w- c:\program files (x86)\Agatha Christie - 450 from Paddington
2010-06-23 03:51:30 0 d-----w- c:\programdata\MumboJumbo
2010-06-23 00:49:17 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 00:49:17 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-23 00:49:11 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 00:49:11 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 00:49:11 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 00:49:10 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 00:49:10 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 00:49:10 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-23 00:49:10 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-20 05:08:56 0 d-----w- c:\program files\iPod
2010-06-20 05:08:55 0 d-----w- c:\program files\iTunes
2010-06-20 05:08:55 0 d-----w- c:\program files (x86)\iTunes
2010-06-20 05:06:28 0 d-----w- c:\program files\Bonjour
2010-06-20 05:06:28 0 d-----w- c:\program files (x86)\Bonjour
2010-06-18 00:33:29 0 d-----w- c:\users\mark\appdata\roaming\Red Kawa
2010-06-18 00:32:11 0 d-----w- c:\users\mark\appdata\roaming\XLink Kai
2010-06-18 00:22:58 0 d-----w- c:\program files (x86)\XLink Kai
2010-06-11 00:07:10 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 00:07:10 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-06-11 00:07:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 00:07:04 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 00:07:04 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-06-11 00:07:04 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-06-11 00:07:03 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 07:26:06 0 d-----w- c:\programdata\HipSoft

==================== Find3M ====================

2010-06-02 19:08:39 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-06-02 19:08:39 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 23:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 15:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-14 07:59:32 12976 ----a-w- c:\windows\system32\avgrssta.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 17:27:10 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:13:50.40 ===============


Thank you to anyone who can help me out with this problem.
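The helpers read a DDS log like the one above by hand. As an added example, not code from this thread or from the DDS tool, here is a small Python triage pass over a few of its lines: it picks out "No File" BHOs, UAC policy values weaker than the Windows 7 defaults, AppInit_DLLs entries and recently created directories with digit-heavy names. The heuristics are this example's own and only queue entries for review; the sample lines are copied from the posted log.

```python
"""Triage pass over a DDS 'Pseudo HJT Report' / 'Created Last 30' excerpt.

Added example: this is not code from the thread above or from the DDS tool.
The heuristics below are this example's own and only mark entries for a
human to review; they do not decide what is malicious.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the DDS log posted above (constructed excerpt).
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs-X64: avgrssta.dll
2010-06-26 13:01:57 0 d-----w- C:\9a5930451b524d479e8881
2010-06-25 11:03:10 0 d-----w- c:\programdata\n7-89-o9-3r-4t-r9
2010-06-20 05:06:28 0 d-----w- c:\program files (x86)\Bonjour
"""

BHO_RE = re.compile(r"^BHO(?:-X64)?: ")
POLICY_RE = re.compile(r"^mPolicies-(\w+): (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (.+)$")
# DDS file-list line: timestamp, size, 8-character attribute field, path.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+) ([-a-z]{8}) (.+)$")


@dataclass
class Finding:
    category: str   # short tag for the review queue
    detail: str     # the offending line or an explanation


def is_random_looking(name: str) -> bool:
    """Rough heuristic: a directory name that is mostly digits (hex-like, or
    dash-separated random groups) is unusual for installed software."""
    core = name.replace("-", "")
    if len(core) < 8:
        return False
    digits = sum(ch.isdigit() for ch in core)
    return digits / len(core) >= 0.4


def triage_dds(text: str) -> List[Finding]:
    """Walk DDS log lines and return entries that deserve a second look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A BHO whose registered DLL no longer exists: usually a leftover of
        # an uninstall, but worth confirming.
        if BHO_RE.match(line) and line.endswith("- No File"):
            findings.append(Finding("orphaned-bho", line))
            continue

        # UAC policy values weaker than the Windows 7 defaults.
        m = POLICY_RE.match(line)
        if m:
            hive, name, value = m.group(1), m.group(2), int(m.group(3))
            if hive == "system" and name == "PromptOnSecureDesktop" and value == 0:
                findings.append(Finding(
                    "uac-weakened",
                    f"{name} = 0 (default 1): elevation prompts appear on the "
                    "interactive desktop instead of the secure desktop"))
            elif hive == "system" and name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding(
                    "uac-weakened",
                    f"{name} = 0: administrators elevate without any prompt"))
            continue

        # AppInit_DLLs are loaded into every process that links user32.dll,
        # so any value here needs its publisher confirmed.
        m = APPINIT_RE.match(line)
        if m:
            findings.append(Finding("appinit-dll", m.group(1).strip()))
            continue

        # Recently created directories with random-looking names.
        m = CREATED_RE.match(line)
        if m and m.group(2).startswith("d"):
            path = m.group(3)
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            if is_random_looking(leaf):
                findings.append(Finding("random-dir", path))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Every finding still needs a human decision; an orphaned BHO or a vendor's AppInit DLL is normal on many machines, and the point of the pass is only to shorten the list a helper has to read.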


#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 July 2010 - 02:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Rocky O

  • Topic Starter

  • Members
  • 4 posts

Posted 10 July 2010 - 02:57 PM

Hello m0le! Thanks very much for responding. Yes, I am here. I look forward to hearing from you again :]

#4 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 July 2010 - 07:29 PM

Firstly, please run Sophos so we can rule out other things.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


Now please download and run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#5 Rocky O

  • Topic Starter

  • Members
  • 4 posts

Posted 13 July 2010 - 01:40 AM

Hello again, m0le!

I had a few problems doing the things you suggested. First, when I tried running Sophos, I could NOT click on 'Running processes'. I ran the scan anyway, and didn't find any files marked 'Yes (clean up recommended)'.

Here are my logs from the things you mentioned I should do scans for...


Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc
Started logging on 12/07/2010 at 22:19:49
User "Mark" on computer "HAL"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\NVIDIA\WinVista64\179.48\IS\Display\ISSetup.dll
Hidden: file C:\NVIDIA\WinVista64\179.48\IS\ISSetup.dll
Hidden: file C:\Program Files (x86)\AV Audio Merger\AVAudioMerger.exe
Hidden: file C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe
Hidden: file C:\Program Files (x86)\East Imperial Soft\Magic Uneraser 2.0\Magic Uneraser.exe
Hidden: file C:\Users\Mark\Downloads\FileZilla_3.3.0.1_win32-setup.exe
Hidden: file C:\Users\Mark\Downloads\vlc-1.0.2-win32.exe
Hidden: file C:\Users\Mark\Downloads\vlc-1.0.2-win32(2).exe
Hidden: file C:\Windows\SysWOW64\DivX.dll
Hidden: file C:\Program Files (x86)\DivX\DivX Converter\aacadec.dll
Hidden: file C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
Hidden: file C:\Program Files (x86)\Google\Picasa3\Uninstall.exe
Hidden: file C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\aacadec.dll
Hidden: file C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe
Hidden: file C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe
Hidden: file C:\Program Files (x86)\DivX\DivXBundleUninstall.exe
Hidden: file C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Media Player\LocalMLS_1.wmdb
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\mrrgbptcmrql5iemm2ciezuqtcngvlferknii3ustksivcdoucokzfvmscsgjhvujbrgqzeamjzga2demrugfadcnbtga3taqcqiyzueqjtjbge2nkwkjcu2qrxjfgverkeg5ie4vslkzefemspljagu4dhl5ua[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\z2f6mrrgbptcmrql5kfqvrsjy3eqvjxk5mtmtcpkvmegrchlbbfqrccifmtkrzvlblu2jbxgi4uanbvgy4ten2ageztgojxgjafiwcwgjhdmscvg5lvsnsmj5kvqq2ei5meewceijavsnkhgvmfotkanjygox3i[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\gbptcmrql5dumqkhki3fonktljkdotceircuywkoizndenkbkqzeevckinbuwjbuga4uamjwgqztoojqgradmnzwg44ear2gifdvensxgvjvuvbxjrceirkmlfhemwrsgvavimsckrfegq2liayteqdkobtv62a[1].jpg
Hidden: file C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\f6mrrgbptcmrql42fqskqinmfqrctie3vgnsdjvfvkscnkjifgtcqgjmfqukzingvojbtgayuanzrgq2tcmbtiaytgmzugayuancyjfiegwcyirjucn2tgzbu2s2vjbgveuctjridewcykfmugtkxibvhaz27na[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\f6mjugbptqmc7j42emsjsk5jverkjkrcvcurxivhe4nkbivku2m2cljidgubxgzcsimzwgvadgmzrgyztknrtiaytimrugezuatzuizetev2tkjcusvcfkfjdorkojy2ucrkvjuzuewsqgnidonsfibvhaz27na[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\mrrgbptcmrql43uwwk2gqzvirjtljcuisrxki3ewnslk5jfenk2kvgfourukbevojbtha3uamrvha2tenzygnadcnbqga3tgqbxjnmvunbtkrctgwsfirfdourwjm3ewv2ski2vuvkmk5jdiucjk5agu4dhl5ua[1].jpg
Hidden: file C:\Users\Mark\Downloads\ablerawer14_setup.exe
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\z2f6mrrgbptcmrql5idgrkojbfegvkmgvlemm2bjjce6rcigjeucwkpjbmteq2zjjgvqjbwga4uamzqgy3dsmbwia4dmmrvg5afam2fjzeeuq2vjq2vmrrtiffeit2ejazesqkzj5efsmsdlffe2wcanjygox3i[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\z2f6mrrgbptcmrql5keisciizju2s2mj5neyqssk5ieev2ykuzu2wchijkfewsejjftkjbwga4uamzqgy3dsmbwia4tkmzzgnafircijbdfgtkljrhvutcckjlvaqsxlbktgtkyi5bfius2irfewnkanjygox3i[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\mrrgbptcmrql5mfurbxkziewsbtifldkq2ojvhe4scgjbgucwbwiriukr2jjjeecjbxgi4uanbvgy4ten2ageztenjuhfafqwseg5lfas2ignavmnkdjzgu4tsiizee2qkygzcfcrkhjffeqqkagfagu4dhl5ua[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\mrrgbptcmrql5dfeschkzeuuujxinluqusijrfvmtrtgzhuqucmgjivoqsuk4zeyjbwgq2eamjqguztinbwia4dqnbsgfaemusii5lesssrg5bvoscsjbgewvsogm3e6scqjqzfcv2ckrltetcagjagu4dhl5ua[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\rrgbptcmrql5ftgwkvkzguwqrxjvcfkujuijauyt2tkrcuovzwie2eutjvgncfijbwgq2eamjqguztinbwiaytamrsgmzeasztlfkvmtklii3u2rcvke2eeqkmj5jvirkhk43ecnckju2tgrcuia3ea2tqm5pwq[1].jpg
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03JG96ZX\z2f6mjugbptqmc7grkvirchkvgfksshku2foq2hjrbdercqgrgecskdjjnfancugizsinrqgfadmobtheytansageydgnrrg5adivkuirdvktcvjjdvkncxinduyqrsiriditcbjfbuuwsqgrkdem2anjygox3i[1].jpg
Hidden: file C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\3.0%7C5225[1].1%7C923809%7C5000%7C225%7CADTECH;cookie=info;size=728x90;alias=15014300_1252P_TOP_728x90;loc=100;target=_blank;key=profile;
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\.0%7C5225[1].1%7C923809%7C5000%7C225%7CADTECH;cookie=info;size=728x90;alias=15014300_1252P_BOTTOM_728x90;loc=100;target=_blank;key=profile;
Hidden: file C:\Users\Mark\Downloads\pspvideo9-503-setup.exe
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\a9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=728x90;tile=1;ord=772985685[1]
Hidden: file C:\Users\Mark\Downloads\7z465.exe
Hidden: file C:\Program Files (x86)\7-Zip\Uninstall.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\config.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\windspro.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\AutoPlay\Plugins\TransitionEngine\TEngine.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\Extras\dxwebsetup.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\Extras\oalinst.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\Extras\winpcap.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\iDeaS\SDL.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\7za.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\Attach.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\DelZip179.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\myZoom.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\unrar.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\unzip32.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\NO$GBA\zlib1.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\VBA\VisualBoyAdvance.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\VBA Link\VisualBoyAdvance.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\VBA-M\libpng13.dll
Hidden: file C:\Program Files (x86)\WinDS PRO\VBA-M\VisualBoyAdvance.exe
Hidden: file C:\Program Files (x86)\WinDS PRO\VBA-M\zlib1.dll
Hidden: file C:\Users\Mark\Downloads\WorldOfGooSetup.1.30.exe
Hidden: file C:\Program Files (x86)\East Imperial Soft\Magic Uneraser 2.0\Uninstall.exe
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\%3Bm=2%3Bl=9156%3Bc=75990%3Bb=447931%3Bp=ui%3DzgmiAF2NBum2jB%3Btr%3D0tWCrUd3aHA%3Btm%3D0-0%3Bts=20100628184329%3Bdct=;ord=20100628184329[1]
Hidden: file C:\Windows\Temp\CRF000\Setup.EXE
Hidden: file C:\Users\Mark\Downloads\setup_magicdisc106.exe
Hidden: file C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Hidden: file C:\Users\Mark\Downloads\VobSub_2.23.exe
Hidden: file C:\Program Files (x86)\DivX\DivXCodecUninstall.exe
Hidden: file C:\Program Files (x86)\DivX\DivXConverterUninstall.exe
Hidden: file C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe
Hidden: file C:\Program Files (x86)\Microsoft Office\Office12\CRYPTOPP.DLL
Hidden: file C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\exyi1jym.default\Cache\79C731ACd01
Hidden: file C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
Hidden: file C:\Users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
Hidden: file C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CRYPTOPP.DLL
Hidden: file C:\Users\Mark\Downloads\fsSetup127.exe
Hidden: file C:\Users\Mark\Downloads\Setup_FreeConverter.exe
Hidden: file C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Hidden: file C:\Windows\SysWOW64\avisynth.dll
Hidden: file C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe
Hidden: file C:\Program Files (x86)\Red Kawa\Video Converter App\uninstaller.exe
Hidden: file C:\Program Files (x86)\Flickr Uploadr\vcredist_x86.exe
Hidden: file C:\Users\Mark\Documents\Azureus Downloads\Magic Uneraser v2.0 Portable\Magic_Uneraser.exe
Hidden: file C:\Program Files (x86)\Vuze\plugins\azemp\vuzeplayer.exe
Hidden: file C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\exyi1jym.default\Cache\DDDD926Dd01
Hidden: file C:\Users\Mark\AppData\Local\Temp\1B8C.tmp\evP.exe
Hidden: file C:\Users\Mark\Downloads\wma-merger.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\7zOBCDB.tmp\gmer.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\1CE3.tmp\evP.exe
Hidden: file C:\Users\Mark\AppData\Roaming\Skype\mark.gelder\etilqs_fGrqo7GME73aqNof5hUq
Hidden: file C:\Users\Mark\Downloads\AVAudioMerger.exe
Hidden: file C:\Users\Mark\Downloads\burn4free_setup.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\~nsu.tmp\Au_.exe
Hidden: file C:\Program Files (x86)\Burn4Free\Burn4Free.exe
Hidden: file C:\Program Files (x86)\Burn4Free\bass.dll
Hidden: file C:\Program Files (x86)\Burn4Free\uninstall.exe
Hidden: file C:\Program Files (x86)\Vuze\.install4j\i4j_extf_13_5p83tu.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\tempNimbuzzInstaller.exe
Hidden: file C:\swsetup\SP36240\ISSetup.dll
Hidden: file C:\swsetup\SP36240\WinVista32\ISSetup.dll
Hidden: file C:\swsetup\SP36240\WinVista64\ISSetup.dll
Hidden: file C:\Windows\Temp\dd140c7c-94be-4aeb-bcaf-d6cc1471ad2b.tmp
Hidden: file C:\Windows\Temp\a0dcf4b7-fc76-4d19-bfaa-0499a026f0f1.tmp
Hidden: file C:\Users\Mark\Downloads\InstallNimbuzz.exe
Hidden: file C:\Users\Mark\Downloads\VobSub_2.23(2).exe
Hidden: file C:\swsetup\SP37711\ISSetup.dll
Hidden: file C:\swsetup\SP37711\WinVista64\ISSetup.dll
Hidden: file C:\swsetup\SP37711\WinVista32\ISSetup.dll
Hidden: file C:\Program Files (x86)\mkv2vob\mkv2vob.exe
Hidden: file C:\Program Files (x86)\mkv2vob\tools\tsmuxer.exe
Hidden: file C:\Program Files (x86)\mkv2vob\tools\mencoder.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\Install_DreamChronicles.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\diner dash.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\Install_Chocolatier.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\Install_Diner_Dash_Flo_On_The_Go.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\Install_TriJinx.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash\game\diner dash.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\Install_Diner_Dash_Flo_On_The_Go.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\Chocolatier.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\Install_DreamChronicles.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\Install_PiratePoppers.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\Install_TriJinx.EXE
Hidden: file C:\Program Files (x86)\PlayFirst\Chocolatier\game\Chocolatier.exe
Hidden: file C:\ProgramData\avg9\Temp\53a1fbce-9b95-478c-8f72-741b0fa9eba0.tmp
Hidden: file C:\Users\Mark\AppData\Local\Temp\ Sally's Studio Collector's Edition.exe
Hidden: file C:\Users\Mark\Documents\Azureus Downloads\Virtual Villagers 4 - The Tree of Life\Virtual Villagers 4 - The Tree of Life.exe
Hidden: file C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life\uninstall.exe
Hidden: file C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life\Virtual_Villagers_The_Tree_of_Life.exe
Hidden: file C:\Users\Mark\AppData\Roaming\Facebook\uninstall.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\windeskhlp.exe
Hidden: file C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14HN0Y7Q\Setup[1].exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\e4j3CF7.tmp_dir27677\i4j_extf_18_5p83tu.exe
Hidden: file C:\Program Files (x86)\Vuze\.install4j\i4j_extf_18_5p83tu.exe
Hidden: file C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
Hidden: file C:\Program Files (x86)\Agatha Christie - 450 from Paddington\fmodex.dll
Hidden: file C:\Program Files (x86)\Agatha Christie - 450 from Paddington\Uninstall.exe
Hidden: file C:\Users\Mark\AppData\Local\Temp\nstE4C8.tmp\uac.dll
Hidden: file C:\Program Files (x86)\Artist Colony\Uninstall.exe
Hidden: file C:\Program Files (x86)\Cate West - The Vanishing Files\Uninstall.exe
Hidden: file C:\Program Files (x86)\Murder She Wrote\Uninstall.exe
Hidden: file C:\Program Files (x86)\bfgclient\uninstall.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Dream Chronicles\dream.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Dream Chronicles\game\dream.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash - Flo on the Go\Diner Dash - Flo On The Go.exe
Hidden: file C:\Program Files (x86)\PlayFirst\Diner Dash - Flo on the Go\game\Diner Dash - Flo On The Go.exe
Hidden: file C:\Program Files (x86)\Lost in the City\Uninstall.exe
Hidden: file C:\Program Files (x86)\SpongeBob SquarePants Krabby Quest\Uninstall.exe
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IAAwAAAAAAZbiCfCkBAAAAAAAAAGM1N2U3ZDRjLTgyNjEtMTFkZi1iOTdjLTAwMzA0OGQ3MmMyNADpfDcAAAA%3D%2C%2Chttp%3A%2F%2Ftravel-videos.com%2Findex[1].htm
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\o_L-lb.bcclt-ex.48;;subcat=laptop;ord1=176670;sz=728x90;pos=atf;contx=Unclassifiable;btg=lb.auto_L;btg=lb.bcclt;btg=ex[1].48;ord=2043511017
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\ypeek.yellowbook[1].com%252Fyellow-pages%252F%253Fwhat%253Ddating%2526where%253DView+Park%25252c+Los+Angeles%25252c+CA%2526geoExpand%253Dno
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\_L-lb.bcclt-ex.48;;subcat=printers;ord1=401430;sz=728x90;pos=atf;contx=Unclassifiable;btg=lb.auto_L;btg=lb.bcclt;btg=ex[1].48;ord=815444982
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\a9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=728x90;tile=1;ord=188768675[1]
Hidden: file C:\Program Files (x86)\Agatha Christie - Peril at End House\Uninstall.exe
Hidden: file C:\Program Files (x86)\Wandering Willows\Uninstall.exe
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\,lb.auto_L-lb.bcclt-ex.48;;subcat=printers;ord1=811432;sz=728x90;pos=atf;contx=elect;btg=lb.auto_L;btg=lb.bcclt;btg=ex[1].48;ord=1566105039
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=160x600;tile=3;ord=188768675[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=300x250;tile=2;ord=188768675[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=160x112;tile=4;ord=188768675[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\5=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=728x90;tile=1;ord=415961606[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=300x250;tile=2;ord=772985685[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\9=0;a11=0;a13=0;a15=0;a18=0;spon=kmart;sens=0;m=0;mage=0;area=groups;gcat=;gid=107447;2omk=;tier=default;sz=160x600;tile=3;ord=772985685[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\5=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=728x90;tile=1;ord=275351596[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\bcclt-ex.48;;subcat=printers;ord1=304602;sz=728x90;pos=atf;contx=elect;btg=lb.elect_L;btg=lb.auto_L;btg=lb.bcclt;btg=ex[1].48;ord=254760896
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=300x250;tile=2;ord=415961606[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=160x112;tile=3;ord=415961606[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=300x250;tile=2;ord=275351596[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=160x112;tile=3;ord=275351596[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81Z31J3E\;a18=0;spon=0;sens=0;m=0;mage=0;area=content;gcat=parenting_pregnancy_baby_names;gid=0;2omk=;tier=default;sz=600x52;tile=2;ord=759171652[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\.48;;subcat=printers;ord1=88959;sz=728x90;pos=atf;contx=Unclassifiable;btg=lb.elect_L;btg=lb.auto_L;btg=lb.bcclt;btg=ex[1].48;ord=249644765
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\5=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=728x90;tile=1;ord=483356497[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQRHK9ZL\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=300x250;tile=2;ord=483356497[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\=0;a6=0;a7=0;a9=0;a11=0;a13=0;a15=0;a18=0;spon=0;sens=0;m=0;mage=0;area=faqs;gcat=;gid=0;2omk=;tier=high;sz=160x112;tile=3;ord=483356497[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\;a18=0;spon=0;sens=0;m=0;mage=0;area=content;gcat=parenting_pregnancy_baby_names;gid=0;2omk=;tier=default;sz=728x90;tile=1;ord=759171652[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQTCT57H\a18=0;spon=0;sens=0;m=0;mage=0;area=content;gcat=parenting_pregnancy_baby_names;gid=0;2omk=;tier=default;sz=300x250;tile=3;ord=759171652[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\a18=0;spon=0;sens=0;m=0;mage=0;area=content;gcat=parenting_pregnancy_baby_names;gid=0;2omk=;tier=default;sz=160x112;tile=4;ord=759171652[1]
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48EK6EVY\%3Bm=2%3Bl=9156%3Bc=75990%3Bb=447931%3Bp=ui%3DzgmiAF2NBum2jB%3Btr%3DyTSwSCtp7ME%3Btm%3D0-0%3Bts=20100628183004%3Bdct=;ord=20100628183004[1]
Stopped logging on 12/07/2010 at 23:13:34

======================

OTL logfile created on: 12/07/2010 23:34:30 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mark\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 43.81 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mark\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Mark\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe (Sophos Plc)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)


========== Modules (SafeList) ==========

MOD - C:\Users\Mark\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C18B.tmp (Sophos Plc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC1124 Inc)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (P0870Dev) -- C:\Windows\SysNative\drivers\P0870Dev.sys (Creative Technology Ltd.)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 5A 66 38 5C 51 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/02 21:35:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/07 21:03:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/07 21:03:00 | 000,000,000 | ---D | M]

[2009/11/09 12:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2009/09/30 17:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 12:24:51 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2010/07/12 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\exyi1jym.default\extensions
[2010/04/12 07:04:06 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\exyi1jym.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/04/11 12:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/07 21:03:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/02 04:03:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/12/20 17:27:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2009/10/02 14:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/04/11 12:46:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/06/07 21:02:58 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/07 21:02:58 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 09:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\libdivx.dll
[2010/03/09 04:28:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 09:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 09:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/06/07 21:02:59 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 12:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/12/21 19:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/05/04 04:39:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/25 09:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\Mozilla Firefox\plugins\ssldivx.dll
[2009/11/06 14:37:03 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/06 14:37:04 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/11/06 14:37:04 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/06 14:37:04 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/06 14:37:04 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/06 14:37:04 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/11/06 14:37:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/06 14:37:04 | 000,000,831 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 22:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/07/06 21:33:20 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2010/07/06 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010/07/06 21:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/26 06:03:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/26 06:01:57 | 000,000,000 | ---D | C] -- C:\9a5930451b524d479e8881
[2010/06/25 04:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\LDW
[2010/06/25 04:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
[2010/06/25 03:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life
[2010/06/25 03:47:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\GameHouse
[2010/06/25 03:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nevosoft
[2010/06/25 03:42:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Thinstall
[2010/06/24 23:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2010/06/22 23:33:33 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/22 23:33:33 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/22 23:33:33 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/22 23:33:33 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/22 23:33:33 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/22 23:33:33 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/22 23:33:33 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/22 23:33:33 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/22 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Murder She Wrote
[2010/06/22 22:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cate West - The Vanishing Files
[2010/06/22 22:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Artist Colony
[2010/06/22 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Agatha Christie - 450 from Paddington
[2010/06/22 20:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2010/06/22 17:49:17 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/22 17:49:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/22 17:49:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/22 17:49:11 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/22 17:49:10 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/22 17:49:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/22 17:49:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/22 17:49:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/19 22:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 22:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 22:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/19 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/19 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/17 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Red Kawa
[2010/06/17 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Red Kawa
[2010/06/17 17:32:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\XLink Kai
[2010/06/17 17:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLink Kai
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 23:35:47 | 002,621,440 | -HS- | M] () -- C:\Users\Mark\NTUSER.DAT
[2010/07/12 22:56:03 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/12 22:38:52 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1543741412-579323182-2244760058-1001UA.job
[2010/07/12 22:09:22 | 061,925,743 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/12 22:05:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 22:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 22:04:58 | 3119,714,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 00:03:44 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 00:03:43 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/07 00:03:28 | 009,905,129 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010/07/06 21:52:07 | 000,111,224 | ---- | M] () -- C:\Users\Mark\Desktop\hijackthislog.png
[2010/07/06 21:29:58 | 000,002,971 | ---- | M] () -- C:\Users\Mark\Desktop\HiJackThis.lnk
[2010/06/28 15:23:40 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/28 00:01:17 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/06/27 19:45:21 | 002,072,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 19:45:21 | 000,841,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/27 19:45:21 | 000,005,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/25 17:38:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1543741412-579323182-2244760058-1001Core.job
[2010/06/25 03:59:11 | 000,002,337 | ---- | M] () -- C:\Users\Mark\Desktop\Virtual Villagers 4 - The Tree of Life.lnk
[2010/06/25 03:44:50 | 000,002,237 | ---- | M] () -- C:\Users\Mark\Desktop\My Kingdom for the Princess!.lnk
[2010/06/24 04:01:18 | 000,262,144 | -H-- | M] () -- C:\Windows\DUMPb6c0.DMP
[2010/06/22 22:10:55 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Play Murder She Wrote.lnk
[2010/06/22 22:07:17 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Play Cate West - The Vanishing Files.lnk
[2010/06/22 22:06:21 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2010/06/22 21:56:23 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Play Agatha Christie - 450 from Paddington.lnk
[2010/06/22 06:55:48 | 000,034,735 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 25.png
[2010/06/22 06:55:41 | 000,038,841 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 26.png
[2010/06/22 06:20:22 | 000,122,378 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 12.png
[2010/06/22 06:20:17 | 000,131,172 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 13.png
[2010/06/22 06:19:57 | 000,037,104 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 21.png
[2010/06/22 06:19:36 | 000,031,659 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 30.png
[2010/06/22 06:19:29 | 000,022,137 | ---- | M] () -- C:\Users\Mark\Documents\Video call snapshot 29.png
[2010/06/19 22:09:22 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 21:52:06 | 000,111,224 | ---- | C] () -- C:\Users\Mark\Desktop\hijackthislog.png
[2010/07/06 21:29:58 | 000,002,971 | ---- | C] () -- C:\Users\Mark\Desktop\HiJackThis.lnk
[2010/06/27 20:00:33 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/27 20:00:31 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/25 03:59:11 | 000,002,337 | ---- | C] () -- C:\Users\Mark\Desktop\Virtual Villagers 4 - The Tree of Life.lnk
[2010/06/25 03:44:50 | 000,002,237 | ---- | C] () -- C:\Users\Mark\Desktop\My Kingdom for the Princess!.lnk
[2010/06/25 03:44:04 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/06/24 04:01:18 | 000,262,144 | -H-- | C] () -- C:\Windows\DUMPb6c0.DMP
[2010/06/22 22:10:55 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Play Murder She Wrote.lnk
[2010/06/22 22:07:17 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Play Cate West - The Vanishing Files.lnk
[2010/06/22 22:06:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Play Artist Colony.lnk
[2010/06/22 21:56:23 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Play Agatha Christie - 450 from Paddington.lnk
[2010/06/22 06:55:48 | 000,034,735 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 25.png
[2010/06/22 06:55:41 | 000,038,841 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 26.png
[2010/06/22 06:20:22 | 000,122,378 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 12.png
[2010/06/22 06:20:16 | 000,131,172 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 13.png
[2010/06/22 06:19:57 | 000,037,104 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 21.png
[2010/06/22 06:19:36 | 000,031,659 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 30.png
[2010/06/22 06:19:28 | 000,022,137 | ---- | C] () -- C:\Users\Mark\Documents\Video call snapshot 29.png
[2010/06/19 22:09:22 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/20 17:42:21 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/22 15:59:45 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/11/03 15:39:29 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 01:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 01:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 01:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/07/09 17:47:55 | 000,013,600 | ---- | C] () -- C:\Windows\SysWow64\sasperf.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2009/11/22 15:59:57 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AV Audio Merger
[2010/06/27 03:27:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
[2010/05/25 10:05:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Facebook
[2009/12/05 04:19:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FileZilla
[2009/11/09 12:24:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Flickr
[2010/06/25 03:47:32 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GameHouse
[2010/05/21 00:10:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GamesCafe
[2010/02/09 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2010/06/24 22:41:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Merscom
[2010/06/25 04:05:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Peace Craft
[2010/05/28 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Pi Eye Games
[2010/05/28 11:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PlayFirst
[2010/05/18 04:18:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RainbowGames
[2010/06/17 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Red Kawa
[2009/12/21 18:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SAS
[2010/05/27 07:00:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Sudden Games
[2009/11/03 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teleca
[2009/09/30 17:35:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Thunderbird
[2010/06/17 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\XLink Kai
[2010/06/28 00:01:17 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/06/28 15:23:09 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/12 22:56:03 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/28 15:23:40 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:02A78DF6
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:EAEE7554
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:908A1B53
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E1610EDC
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:178093AE
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:93B0BB6F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8C81B36D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A6346EE9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E412AAF2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A774141A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2F0007D6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9EC86225
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:52641FBE
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:92A815D8
< End of report >



=============================

OTL Extras logfile created on: 12/07/2010 23:34:30 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Mark\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 43.81 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"Creative PD0870" = Creative WebCam Live! Motion Driver (1.11.01.00)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 19
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2773B836-AC66-4178-A414-C5A0F9F5D805}" = XLink Kai
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EC1177C-E3E8-4CEE-8E9F-E6D4E6F7B2E2}_is1" = WinDS PRO DSi 2.2.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD3C4A64-E7DC-11D4-AC4A-00C04F3876CD}" = SAS System 9.0
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F24E832F-44B4-4AC7-AA88-8EF94B9776BC}" = HTC Sync
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"36ac3ae4fcc511dab0f6f685d746a93a" = SAS/Graph Java Applets for 9.2
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Able RAWer_is1" = Able RAWer 1.4.10.15
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AV Audio Merger_is1" = AV Audio Merger 3.1
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BFG-Agatha Christie - 450 from Paddington" = Agatha Christie: 4:50 from Paddington
"BFG-Agatha Christie - Peril at End House" = Agatha Christie: Peril at End House
"BFG-Artist Colony" = Artist Colony
"BFGC" = Big Fish Games: Game Manager
"BFG-Cate West - The Vanishing Files" = Cate West: The Vanishing Files
"BFG-Lost in the City" = Lost in the City
"BFG-Murder She Wrote" = Murder, She Wrote
"BFG-SpongeBob SquarePants Krabby Quest" = SpongeBob SquarePants Krabby Quest
"BFG-Wandering Willows" = Wandering Willows
"Blood Oath 1.00" = Blood Oath 1.00
"Burn4Free" = Burn4Free CD and DVD
" Ŀ2 " = Ŀ2
"Chocolatier" = Chocolatier
"Diner Dash" = Diner Dash
"Diner Dash - Flo on the Go" = Diner Dash - Flo on the Go
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dream Chronicles" = Dream Chronicles
"ENTERPRISE" = Microsoft Office Enterprise 2007
"febb569a337f725f5f8607711f665d3b" = SAS VJR
"FileZilla Client" = FileZilla Client 3.3.0.1
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fotosizer" = Fotosizer 1.27
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Magic Uneraser" = Magic Uneraser 2.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Minefield (3.7a1pre)" = Minefield (3.7a1pre)
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"My Kingdom for the Princess! ." = My Kingdom for the Princess! .
"Picasa 3" = Picasa 3
"PSP Video 9" = PSP Video 9 5.03
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Virtual Villagers 4 - The Tree of Life1.0" = Virtual Villagers 4 - The Tree of Life
"VLC media player" = VLC media player 1.0.2
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMA Merger_is1" = WMA Merger version 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"b7c0bad11b91039e" = Album Downloader
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/07/2010 01:05:57 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:06:12 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:06:22 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:07:27 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:08:00 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:11:26 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:38:35 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 13/07/2010 01:43:39 | Computer Name = Hal | Source = Application Error | ID = 1000
Description = Faulting application name: zdptbm.exe, version: 0.0.0.0, time stamp:
0x4bfced95 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00033072 Faulting process id:
0x1d2c Faulting application start time: 0x01cb224e570ee310 Faulting application path:
C:\Users\Mark\AppData\Local\Temp\zdptbm.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 96078590-8e41-11df-9b84-001e68008cc1

Error - 13/07/2010 02:08:15 | Computer Name = Hal | Source = Application Error | ID = 1000
Description = Faulting application name: vcqqlc.exe, version: 0.0.0.0, time stamp:
0x4bfced95 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00033072 Faulting process id:
0x2704 Faulting application start time: 0x01cb2251c6f34470 Faulting application path:
C:\Users\Mark\AppData\Local\Temp\vcqqlc.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 057e7f20-8e45-11df-9b84-001e68008cc1

Error - 13/07/2010 02:08:22 | Computer Name = Hal | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 01/03/2010 22:22:46 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 18:22:46 - Error connecting to the internet. 18:22:46 - Unable
to contact server..

Error - 01/03/2010 22:22:58 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 18:22:51 - Error connecting to the internet. 18:22:51 - Unable
to contact server..

Error - 26/03/2010 20:00:46 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 17:00:45 - Error connecting to the internet. 17:00:45 - Unable
to contact server..

Error - 26/03/2010 20:00:56 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 17:00:51 - Error connecting to the internet. 17:00:51 - Unable
to contact server..

Error - 26/03/2010 23:13:21 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 20:13:21 - Error connecting to the internet. 20:13:21 - Unable
to contact server..

Error - 26/03/2010 23:13:32 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 20:13:26 - Error connecting to the internet. 20:13:26 - Unable
to contact server..

Error - 27/03/2010 13:50:54 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 10:50:54 - Error connecting to the internet. 10:50:54 - Unable
to contact server..

Error - 27/03/2010 13:51:08 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 10:51:00 - Error connecting to the internet. 10:51:00 - Unable
to contact server..

Error - 27/03/2010 21:54:05 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 18:54:05 - Error connecting to the internet. 18:54:05 - Unable
to contact server..

Error - 27/03/2010 21:54:18 | Computer Name = Hal | Source = MCUpdate | ID = 0
Description = 18:54:11 - Error connecting to the internet. 18:54:11 - Unable
to contact server..

[ System Events ]
Error - 22/06/2010 17:17:13 | Computer Name = Hal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 22/06/2010 17:17:14 | Computer Name = Hal | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 6 Processor ID: 1 The details view of this entry contains
further information.

Error - 22/06/2010 20:43:02 | Computer Name = Hal | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 22/06/2010 20:43:33 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description = The rimmptsk service failed to start due to the following error: %%1058

Error - 22/06/2010 20:43:33 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error: %%1058

Error - 22/06/2010 20:43:33 | Computer Name = Hal | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058

Error - 22/06/2010 20:44:03 | Computer Name = Hal | Source = DCOM | ID = 10010
Description =

Error - 22/06/2010 20:44:05 | Computer Name = Hal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 22/06/2010 20:44:07 | Computer Name = Hal | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 22/06/2010 20:44:07 | Computer Name = Hal | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 6 Processor ID: 1 The details view of this entry contains
further information.


< End of report >

====================

Thanks again for your help!
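
As an added triage example (not a tool used in this thread and not written by either poster), a small Python parser for the event entries in the OTL Extras log above: it splits the wrapped "Error - ... | Source = ... | ID = ..." blocks, then flags Event ID 1000 crashes whose faulting executable lives under a user's AppData\Local\Temp, the pattern the zdptbm.exe and vcqqlc.exe entries show. The sample log is constructed from those entries plus one benign crash and one unrelated service error.

```python
import re

# Constructed sample in the OTL "Extras" event-log layout quoted in this thread:
# a crash of a randomly named .exe in Temp, a Service Control Manager entry, and
# a (constructed, shortened) crash of a system binary that should not be flagged.
SAMPLE_LOG = r"""Error - 13/07/2010 02:08:15 | Computer Name = Hal | Source = Application Error | ID = 1000
Description = Faulting application name: vcqqlc.exe, version: 0.0.0.0, time stamp:
0x4bfced95 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00033072 Faulting process id:
0x2704 Faulting application start time: 0x01cb2251c6f34470 Faulting application path:
C:\Users\Mark\AppData\Local\Temp\vcqqlc.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 057e7f20-8e45-11df-9b84-001e68008cc1

Error - 22/06/2010 17:17:13 | Computer Name = Hal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

Error - 13/07/2010 02:30:00 | Computer Name = Hal | Source = Application Error | ID = 1000
Description = Faulting application name: notepad.exe, version: 6.1.7600.16385, Faulting application path:
C:\Windows\system32\notepad.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
"""

# One entry = a header line followed by wrapped Description text, ended by a blank line.
HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?)"
                    r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
APP_PATH = re.compile(r"Faulting application path:\s*(?P<path>\S+)")
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)  # common dropper location


def parse_events(text):
    """Return a list of (header_fields, description) for each event block."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        header = HEADER.match(lines[0])
        if not header:
            continue  # not an event block (e.g. a section title)
        description = " ".join(line.strip() for line in lines[1:])
        events.append((header.groupdict(), description))
    return events


def suspicious_crashes(text):
    """Event ID 1000 (Application Error) entries whose faulting app lives in Temp."""
    hits = []
    for fields, description in parse_events(text):
        if fields["source"] != "Application Error" or fields["id"] != "1000":
            continue
        match = APP_PATH.search(description)
        if match and TEMP_DIR.search(match.group("path")):
            hits.append((fields["when"], match.group("path")))
    return hits
```

Run against a full OTL Extras log, the hits list points straight at the Temp executables worth submitting for analysis rather than every crash on the box.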


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 July 2010 - 05:15 PM

There's some definite trace of something nasty there.

Run OTL again as below

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010/07/12 22:56:03 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/06/28 15:23:40 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
:files
C:\Windows\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


m0le is a proud member of UNITE

#7 Rocky O

Rocky O
  • Topic Starter

  • Members
  • 4 posts

Posted 17 July 2010 - 12:37 AM

Hello m0le, thank you for helping me again. Here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.9.0 log created on 07162010_223129


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 July 2010 - 04:40 AM

So far, so good.


Please run MBAM next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Now please use Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 July 2010 - 06:58 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 July 2010 - 07:49 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
