Persistent Google Redirect problem


  • This topic is locked
12 replies to this topic

#1 jac1984

  • Members

Posted 08 August 2010 - 04:31 PM

Hi, I'm having a Google redirect problem on my XP PC (SP3) that I can't seem to shake.

I picked up the problem a week or two ago as part of a false AV infection.

I've updated and run various virus scans (McAfee, MBAM, Ad-aware, Spybot) and they removed most of the infection but the Google redirect problem remains, i.e., click on search results and get redirected to strange websites (often k-directory.co.uk).

I also have a potentially unrelated problem - I can't use any USB keyboards. I suspect the driver has been corrupted somehow. I've tried uninstalling the keyboard via device manager and reinstalling it (and other USB keyboards) but no luck. Currently using an old non-USB keyboard.

Some expert help would be appreciated!

Here are my logs. Note that I had to run GMER in safe mode to prevent it from crashing.


DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 17:19:03.53 on Sun 08/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2247 [GMT 10:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\TVersity\MediaServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238147343859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {24900186-678F-422D-ABAA-0CEC877DBFC3} = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-26 64160]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-4 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-28 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-3-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-3-28 144704]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-18 25824]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-3-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-28 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-3-27 36048]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-28 34248]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-1-14 38976]

=============== Created Last 30 ================

2010-07-28 10:07:03 0 d--h--w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-07-24 07:46:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-07-24 07:45:49 0 d-----w- c:\docume~1\james\applic~1\ICAClient
2010-07-24 07:45:28 0 d-----w- c:\program files\Citrix

==================== Find3M ====================

2010-08-07 05:12:59 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 05:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-06-08 01:30:38 311296 ----a-w- c:\windows\system32\TubeFinder.exe

============= FINISH: 17:20:30.04 ===============


#2 Blind Faith

  • Malware Response Team

Posted 16 August 2010 - 02:44 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
If I haven't replied in 48 hours, please feel free to send me a PM.


#3 jac1984

  • Topic Starter
  • Members

Posted 16 August 2010 - 04:44 PM

Hi Elle and thank you for your help.

I think I have fixed my problem, at least partially. I ran Hitman and it identified (but could not fix) an infected kbdhid.sys file. I had suspected that my Google redirect problem and my keyboard problem were not related but obviously they were.

I then copied a clean version of kbdhid.sys from an XP SP3 machine into the system32\drivers and system32\dllcache folders.

Everything seems to be working OK now with the exception of two (potentially unrelated) problems:
1. Internet Explorer seems more unstable than usual - if I open multiple windows sooner or later it seems to crash; and
2. Sometimes I can't boot my PC - I switch it on and the lights come on but the fan surges and the system hangs, i.e., the HDD does not 'chug' and the screen stays blank. I suspect that this might be a motherboard or power supply issue.

Anyway, I've attached some updated logs and, given I'm still having a couple of issues, I was hoping that you could look at the logs and confirm that I'm clean. I've not been able to run GMER but will try again in safe mode.

Regards,
James


Edited by jac1984, 16 August 2010 - 04:50 PM.


#4 jac1984

  • Topic Starter
  • Members

Posted 17 August 2010 - 06:14 PM

I haven't been able to run GMER due to my booting problem. Hopefully you can confirm that my PC is clean from other scans.
Best regards,
James

#5 myrti

  • Malware Study Hall Admin

Posted 19 August 2010 - 07:16 AM

Hi,

Please try running Rootkit Unhooker instead:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


regards myrti



#6 jac1984

  • Topic Starter
  • Members

Posted 20 August 2010 - 11:57 PM

Thanks myrti.

Here's the log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3, v.5657)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6B8F000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB3A4B000 C:\WINDOWS\System32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xB3957000 C:\WINDOWS\System32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB2737000 C:\WINDOWS\system32\CTSBLFX.DLL 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xB7E5B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB28B5000 C:\WINDOWS\system32\CTAUDFX.DLL 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0xB6ABB000 C:\WINDOWS\system32\drivers\ctaud2k.sys 516096 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xB360F000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xB36D1000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB38CB000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB5CA8000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB2A73000 C:\WINDOWS\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xB2BDD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6A40000 C:\WINDOWS\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB369E000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xB3A1C000 C:\WINDOWS\System32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB2D0E000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7E2E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3B55000 C:\WINDOWS\System32\drivers\hap16v2k.sys 176128 bytes (Creative Technology Ltd, Creative EMU10KX-P16v HAL (WDM))
0xB0B67000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB3741000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB39F3000 C:\WINDOWS\System32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB382E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB38A4000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xB3856000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB0BE2000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB6A97000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6B39000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6A74000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB380C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7F11000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB6B5D000 C:\WINDOWS\System32\DRIVERS\b57xp32.sys 122880 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB2940000 C:\WINDOWS\system32\COMMONFX.DLL 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)
0xB7E14000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB35F7000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7EE8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5D12000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2630000 C:\WINDOWS\system32\drivers\PfModNT.sys 94208 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xB2F49000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB368A000 C:\WINDOWS\system32\DRIVERS\ctxusbm.sys 81920 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
0xB69E9000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB6B7B000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB3924000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB1B2B000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB7EFF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5D01000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8308000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB75CC000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB75BC000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB82B8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB75EC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB80B8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8158000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB31EE000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8238000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB81C8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB762C000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB81E8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB82E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB75AC000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB81D8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8208000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB763C000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB760C000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB8298000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB8318000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xB2478000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xB81F8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB82C8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB0C36000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB82A8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8408000 C:\WINDOWS\System32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xB8498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8468000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8400000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8410000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB8478000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8390000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xB8388000 C:\WINDOWS\system32\drivers\mferkdk.sys 28672 bytes (McAfee, Inc., VSCore Code Analysis Driver)
0xB8358000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8418000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8438000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8440000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8360000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
0xB83F8000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB8480000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8460000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xB8490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xB8428000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0xB8430000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8420000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8378000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB1079000 C:\WINDOWS\System32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB3B98000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7DDB000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB3262000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB8598000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB857C000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB77C0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB77BC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB8594000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB3BA0000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB3B94000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB85A0000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8554000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB85FE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB861C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8600000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB863A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB8602000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85F0000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85F8000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB874F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8742000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB86BB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x03660000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A222520 ] PID: 400, 307200 bytes


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 25 August 2010 - 02:32 AM

Hi,

I believe you took out the infection by replacing kbdclass.sys. However, there are some leftovers I think we should remove.

Please run a scan with OTL:
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#8 jac1984

jac1984
  • Topic Starter

  • Members

Posted 25 August 2010 - 05:30 AM

Thanks. I thought there might be some 'leftovers'.

Here are the logs:

OTL.txt

OTL logfile created on: 25/08/2010 8:09:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 686.78 Gb Free Space | 73.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDY-COMPUTER
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/25 20:08:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2010/08/07 15:12:50 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/25 16:26:02 | 000,884,736 | ---- | M] () -- C:\Program Files\TVersity\MediaServer.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/20 23:44:02 | 012,978,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/10/29 05:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/18 03:51:06 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2009/03/28 09:08:08 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2007/11/30 23:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/11/22 11:08:57 | 000,813,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2010/08/25 20:08:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2007/11/30 23:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/11/30 23:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/09 11:32:30 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/07 15:12:50 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/25 16:26:02 | 000,884,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/21 06:24:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/04/18 03:51:06 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/07/10 08:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/14 07:50:35 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/10/05 10:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/07/04 00:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/17 16:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 16:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/12/17 16:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 16:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/11/30 17:32:32 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2007/11/30 17:32:30 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2007/11/30 17:32:26 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2007/11/30 16:31:16 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/30 16:30:58 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/12 11:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2002/07/10 20:25:18 | 000,743,136 | R--- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/06/06 10:14:36 | 000,036,048 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5ln.sys -- (alcan5ln) Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-299502267-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-57989841-299502267-725345543-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-57989841-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-299502267-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/24 06:55:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/04/01 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-57989841-299502267-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-57989841-299502267-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.ap.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1238147343859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/27 17:52:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{865d261c-23f4-11de-8627-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-57989841-299502267-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/25 20:08:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/08/17 22:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/08/17 22:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
[2010/08/17 22:15:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/08/17 22:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\Microsoft Corporation
[2010/08/17 22:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/08/10 17:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/08/10 17:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/08/10 17:15:23 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/08/10 17:15:19 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/08/10 17:15:18 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/08/10 17:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP Monitor
[2010/08/10 17:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/10 10:31:50 | 000,134,464 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2010/08/08 17:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\gmer
[2010/08/06 08:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/06 08:02:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/06 08:02:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/06 08:02:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/29 20:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\orlblfkqw
[2010/07/28 20:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Local Settings\Application Data\ArcSoft
[2010/07/28 20:07:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/07/28 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2009/03/27 18:34:25 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/25 20:14:36 | 000,100,770 | ---- | M] () -- C:\Documents and Settings\James\Desktop\RiotAct.zip
[2010/08/25 20:08:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2010/08/25 20:05:33 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/08/25 20:05:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 19:19:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 18:24:36 | 000,031,265 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/08/25 18:24:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 18:23:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 08:19:40 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/25 08:19:40 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/25 08:19:40 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/25 08:19:40 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/25 08:19:40 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/25 08:19:16 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\James\NTUSER.DAT
[2010/08/25 08:19:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\James\ntuser.ini
[2010/08/25 08:19:11 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/08/25 08:19:11 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.BAK
[2010/08/24 22:57:58 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2010/08/24 22:40:20 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 22:16:55 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/08/24 18:23:35 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Microsoft Outlook.lnk
[2010/08/23 22:01:08 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\James\Desktop\TVersity.lnk
[2010/08/23 21:52:34 | 014,995,749 | ---- | M] () -- C:\Documents and Settings\James\Desktop\TVersitySetup_1_9_2.exe
[2010/08/23 00:20:49 | 000,011,905 | ---- | M] () -- C:\Documents and Settings\James\My Documents\New PC.docx
[2010/08/21 14:37:35 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\James\Desktop\RKUnhookerLE.EXE
[2010/08/21 14:16:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/18 15:43:31 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Publisher.lnk
[2010/08/18 13:22:07 | 000,322,048 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Patners Conference2.PPT
[2010/08/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/08/14 19:06:34 | 009,716,224 | ---- | M] () -- C:\Documents and Settings\James\My Documents\BBJFC Premiership Poster2.pub
[2010/08/12 19:14:05 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/10 17:16:21 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/10 17:16:21 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/10 17:16:16 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/10 17:16:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/08/10 16:53:52 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/10 16:42:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/08/10 14:52:12 | 002,624,656 | -H-- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\IconCache.db
[2010/08/10 14:43:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/10 11:51:42 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/08/10 11:51:42 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/08/10 11:51:42 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/08/10 11:51:42 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/08/10 11:51:42 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2010/08/10 11:24:14 | 000,000,242 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/08/10 10:31:50 | 000,134,464 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\LnkProtect.dll
[2010/08/08 17:20:36 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\James\Desktop\gmer.zip
[2010/08/08 17:06:19 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\James\Desktop\dds.scr
[2010/08/08 17:04:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Defogger.exe
[2010/08/07 15:12:59 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/05 08:20:51 | 006,322,176 | ---- | M] () -- C:\Documents and Settings\James\My Documents\BBJFC Premiership Poster.pub
[2010/08/01 08:33:35 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/07/28 20:09:46 | 000,000,273 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/28 20:08:40 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/28 20:06:58 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Panorama Maker 5.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 20:14:35 | 000,100,770 | ---- | C] () -- C:\Documents and Settings\James\Desktop\RiotAct.zip
[2010/08/23 21:52:35 | 014,995,749 | ---- | C] () -- C:\Documents and Settings\James\Desktop\TVersitySetup_1_9_2.exe
[2010/08/22 01:54:37 | 000,011,905 | ---- | C] () -- C:\Documents and Settings\James\My Documents\New PC.docx
[2010/08/21 14:37:35 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\James\Desktop\RKUnhookerLE.EXE
[2010/08/18 13:22:06 | 000,322,048 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Patners Conference2.PPT
[2010/08/10 17:16:21 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/10 17:16:16 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/10 17:16:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/10 17:16:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010/08/10 17:15:23 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/08/10 17:15:17 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/10 15:46:03 | 000,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/10 15:46:03 | 000,031,056 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/10 15:46:03 | 000,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/10 15:46:03 | 000,030,528 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/10 15:46:03 | 000,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/08/10 15:45:35 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.BAK
[2010/08/10 15:43:28 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/08/10 11:24:14 | 000,000,242 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/08/08 17:20:32 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\James\Desktop\gmer.zip
[2010/08/08 17:06:15 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\James\Desktop\dds.scr
[2010/08/08 17:04:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Defogger.exe
[2010/08/07 01:18:25 | 009,716,224 | ---- | C] () -- C:\Documents and Settings\James\My Documents\BBJFC Premiership Poster2.pub
[2010/08/05 01:01:28 | 006,322,176 | ---- | C] () -- C:\Documents and Settings\James\My Documents\BBJFC Premiership Poster.pub
[2010/07/28 20:09:16 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArcSoft Products and Bonus Offers.url
[2010/07/28 20:08:40 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Scan-n-Stitch Deluxe.lnk
[2010/07/28 20:06:58 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Panorama Maker 5.lnk
[2010/05/02 00:43:45 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/29 11:02:54 | 000,004,724 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\1200213083
[2010/04/29 11:02:54 | 000,004,724 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1200213083
[2010/04/29 10:58:55 | 000,004,732 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\6EUB
[2010/04/29 10:58:55 | 000,004,732 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6EUB
[2010/03/08 21:07:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010/03/08 21:05:07 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/01 21:03:58 | 000,000,760 | ---- | C] () -- C:\WINDOWS\AnimatorDV.INI
[2009/12/27 12:51:56 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 22:14:37 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009/08/27 22:09:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/27 22:09:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/08/16 20:42:57 | 000,081,262 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/06/06 09:01:24 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2009/05/10 23:41:40 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/10 23:41:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/10 23:41:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/10 23:41:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/13 22:07:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Altair_1.250.INI
[2009/04/12 17:47:42 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/03/29 14:32:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2009/03/29 14:32:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2009/03/28 21:04:34 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/28 17:01:26 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 21:55:01 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2009/03/27 18:35:19 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/03/27 18:34:34 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2009/03/27 18:34:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/03/27 18:34:29 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009/03/27 18:33:42 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (Work):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (Kids):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (JC):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (House):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (Financial):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (Family):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (BCC):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\My Documents\Documents (BC):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\James\Desktop\Laptop Backup:Roxio EMC Stream
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
< End of report >


Extra.txt
OTL Extras logfile created on: 25/08/2010 8:09:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3, v.5657 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 686.78 Gb Free Space | 73.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDY-COMPUTER
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-57989841-299502267-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"3686:TCP" = 3686:TCP:*:Enabled:ITunes Sharing
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- (THQ Canada Inc.)
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Documents and Settings\James\Local Settings\Temp\7782f45055dc4ba787f86cf5a171964b\RelicDownloader.exe" = C:\Documents and Settings\James\Local Settings\Temp\7782f45055dc4ba787f86cf5a171964b\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Documents and Settings\James\Local Settings\Temp\6fb658f6ebf5407da37f86f1314232b0\RelicDownloader.exe" = C:\Documents and Settings\James\Local Settings\Temp\6fb658f6ebf5407da37f86f1314232b0\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Documents and Settings\James\Local Settings\Temp\e289553af3e64bb994e81dce8fd8b352\RelicDownloader.exe" = C:\Documents and Settings\James\Local Settings\Temp\e289553af3e64bb994e81dce8fd8b352\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Documents and Settings\James\Local Settings\Temp\79b1005d4bae4d959b34661af296807e\RelicDownloader.exe" = C:\Documents and Settings\James\Local Settings\Temp\79b1005d4bae4d959b34661af296807e\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Program Files\BitTyrant\Azureus.exe" = C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Boxee\BOXEE.exe" = C:\Program Files\Boxee\BOXEE.exe:*:Enabled:Boxee -- (boxee.tv)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- File not found
"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool -- File not found
"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe" = C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe -- File not found
"C:\Program Files\PRTG Network Monitor\PRTG Server.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\TVersity\MediaServer.exe" = C:\Program Files\TVersity\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9DCE36-A270-4740-8084-A27B48C2F83E}" = MX-850 Editor
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnimatorDV Simple+ 9.02_is1" = AnimatorDV Simple+ 9.02
"Any Video Converter_is1" = Any Video Converter 2.7.8
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"BitTyrant" = BitTyrant
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Company of Heroes" = Company of Heroes
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Cucusoft DVD to Apple TV + Apple TV Video Converter Suite_is1" = Cucusoft DVD to Apple TV + Apple TV Video Converter Suite 8.2.8
"DIVXCodec" = DivX Codec 3.1alpha release
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2009" = Family Tree Maker 2009
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MP3 Converter Simple" = MP3 Converter Simple
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.2
"PeerGuardian_is1" = PeerGuardian 2.0
"PremElem80" = Adobe Premiere Elements 8.0
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SystemRequirementsLab" = System Requirements Lab
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"UnityWebPlayer" = Unity Web Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-299502267-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BOXEE" = Boxee

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/08/2010 5:55:15 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application azureus.exe, version 1.0.0.0, faulting module
java.dll, version 6.0.210.7, fault address 0x00004e20.

Error - 10/08/2010 5:55:27 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.3264, fault address 0x0001295d.

Error - 10/08/2010 5:58:24 AM | Computer Name = STUDY-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application Azureus.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/08/2010 7:23:28 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application azureus.exe, version 1.0.0.0, faulting module
java.dll, version 6.0.210.7, fault address 0x00004e20.

Error - 10/08/2010 7:24:19 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module ieui.dll, version 7.0.5730.13, fault address 0x000061b1.

Error - 13/08/2010 9:55:13 PM | Computer Name = STUDY-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/08/2010 7:00:12 AM | Computer Name = STUDY-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/08/2010 8:46:10 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application azureus.exe, version 1.0.0.0, faulting module
java.dll, version 6.0.210.7, fault address 0x00004e20.

Error - 16/08/2010 8:38:46 AM | Computer Name = STUDY-COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module mshtml.dll, version 7.0.6000.16809, fault address 0x000982e8.

Error - 21/08/2010 8:49:07 AM | Computer Name = STUDY-COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/04/2009 2:28:30 AM | Computer Name = STUDY-COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4290
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/06/2009 7:01:59 PM | Computer Name = STUDY-COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/07/2009 6:23:41 PM | Computer Name = STUDY-COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/11/2009 1:50:25 AM | Computer Name = STUDY-COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/02/2010 10:10:08 AM | Computer Name = STUDY-COMPUTER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20178
seconds with 4980 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/08/2010 1:54:26 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 23/08/2010 1:55:15 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 23/08/2010 5:17:15 PM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 23/08/2010 5:18:04 PM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 24/08/2010 4:21:30 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 24/08/2010 4:22:48 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 24/08/2010 5:52:08 PM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 24/08/2010 5:52:39 PM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 25/08/2010 4:24:01 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 25/08/2010 4:24:30 AM | Computer Name = STUDY-COMPUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >


#9 myrti

Posted 25 August 2010 - 06:24 AM

Hi,

that log is looking clean. How is the PC doing? Everything still fine?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 jac1984

Posted 25 August 2010 - 06:52 AM

Yep. It seems to be ok.

I have an intermittent booting problem but I'm pretty sure my graphics card is causing that.

If my logs look ok then I guess we're done?


#11 myrti

Posted 25 August 2010 - 08:27 AM

Hi,

yes, I think we're done. Please remove the programs we used:
Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  2. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  3. Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!

Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Have a nice day
myrti



#12 jac1984

Posted 25 August 2010 - 10:11 PM

Great. Thanks for all your help myrti!


#13 myrti

Posted 26 August 2010 - 02:34 AM

Heya,

glad we could help!

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





