akira_yuki13

Members

View Profile See their activity

Posts
12
Joined
October 28, 2010
Last visited
November 1, 2010

Reputation

0 Neutral

Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

I really thank you sir for the help, wish i could also be like you so i can help others with their virus/rootkits problems. Greatly appreciated sir, God bless and take care. ^^
- November 1, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Things are running great now thanks to your help sir, as you requested here is the OTL log OTL logfile created on: 10/31/2010 9:41:57 PM - Run 2 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 12.00% Memory free 6.00 Gb Paging File | 1.00 Gb Available in Paging File | 10.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195.41 Gb Total Space | 50.01 Gb Free Space | 25.59% Space Free | Partition Type: NTFS Drive D: | 368.05 Gb Total Space | 153.92 Gb Free Space | 41.82% Space Free | Partition Type: NTFS Drive E: | 368.05 Gb Total Space | 285.78 Gb Free Space | 77.65% Space Free | Partition Type: NTFS Drive H: | 3.75 Gb Total Space | 1.12 Gb Free Space | 30.01% Space Free | Partition Type: FAT32 Drive Z: | 824.62 Gb Total Space | 509.07 Gb Free Space | 61.73% Space Free | Partition Type: NTFS Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) PRC - C:\Users\Arron\My Documents\BOIGB - Bot - 09.08.2010\BOIGB.exe (MQ2Emu.com) PRC - C:\Perfect World Entertainment\Battle of the Immortals\Bin\Game.exe () PRC - c:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe (Corel Corporation) PRC - C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems, Incorporated) PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\xampp\xampp-control.exe () PRC - C:\Program Files\Blaze Media Pro\NMSAccess32.exe () PRC - D:\ARRON\INSTALLERS\Desktops.exe (Sysinternals - www.sysinternals.com) ========== Modules (SafeList) ========== MOD - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\TeamViewer\Version5\TV.dll (TeamViewer GmbH) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe () SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) ========== Driver Services (SafeList) ========== DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found DRV - (catchme) -- C:\Users\Arron\AppData\Local\Temp\catchme.sys File not found DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 3E 27 E0 48 78 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/10/30 19:34:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKCU..\Run: [Google Update] C:\Users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [uTorrent] C:\Users\Arron\Downloads\utorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/10/31 17:50:58 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/31 21:38:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe [2010/10/30 22:37:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\to be printed [2010/10/30 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/10/30 19:34:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2010/10/30 19:25:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/10/30 18:18:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\temp [2010/10/30 18:09:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/10/30 18:09:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/10/30 18:09:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/10/30 18:08:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/10/30 15:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2010/10/30 15:26:40 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Users\Arron\Desktop\dotNetFx40_Full_x86_x64.exe [2010/10/30 12:59:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Softland [2010/10/30 12:59:49 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll [2010/10/30 12:59:49 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll [2010/10/30 12:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Softland [2010/10/28 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/10/28 20:45:02 | 000,000,000 | ---D | C] -- C:\_OTM [2010/10/28 20:43:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/10/26 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Blaze Media Pro [2010/10/26 12:22:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6} [2010/10/26 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\PackageAware [2010/10/21 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/10/20 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\TeamViewer [2010/10/20 22:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010/10/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GTH Documents [2010/10/19 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\USB [2010/10/19 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Web joyfze [2010/10/19 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\ElevatedDiagnostics [2010/10/13 13:25:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\FileZilla [2010/10/13 12:11:18 | 000,000,000 | ---D | C] -- C:\$AVG [2010/10/10 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2010/10/10 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2010/10/10 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Corel [2010/10/10 12:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010/10/10 12:21:08 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys [2010/10/10 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc [2010/10/10 12:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO [2010/10/10 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\WinRAR [2010/10/10 12:11:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/10/10 12:11:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/10/10 12:11:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/10/10 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010/10/10 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\AskToolbar [2010/10/10 11:39:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2010/10/09 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010/10/09 22:47:53 | 000,000,000 | ---D | C] -- C:\Boot [2010/10/09 22:39:03 | 000,000,000 | ---D | C] -- C:\Windows.old.000 [2010/10/09 22:32:32 | 000,000,000 | ---D | C] -- C:\Windows.old [2010/10/09 22:01:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010/10/09 21:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010/10/09 21:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2010/10/09 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2010/10/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010/10/09 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010/10/09 21:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/10/09 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2010/10/09 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2010/10/09 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\uTorrent [2010/10/09 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Adobe [2010/10/09 19:38:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo! [2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Deployment [2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Apps [2010/10/09 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\IndigoRose [2010/10/09 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010/10/09 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose [2010/10/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AutoPlay Media Studio 8 Trial [2010/10/09 18:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2010/10/09 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2010/10/09 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2010/10/09 18:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2010/10/09 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2010/10/09 17:55:36 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2010/10/09 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010/10/09 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2010/10/09 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft Help [2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010/10/09 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2010/10/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2010/10/09 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2010/10/09 17:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/10/09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Google [2010/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386 [2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Visual Studio 2008 [2010/10/09 17:00:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\OneNote Notebooks [2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My Palettes [2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My eBooks [2010/10/09 16:56:43 | 000,000,000 | --SD | C] -- C:\Users\Arron\Documents\My Data Sources [2010/10/09 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Modern [2010/10/09 16:56:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\magazine ads [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good sofas (MI CASA) [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good dining sets ( MI CASA) [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\FURNITURE SCANS [2010/10/09 16:55:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010/10/09 16:55:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/10/09 16:54:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010/10/09 16:54:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010/10/09 16:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg [2010/10/09 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2010/10/09 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010/10/09 16:46:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Malwarebytes [2010/10/09 16:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/10/09 16:45:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/10/09 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/10/09 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/09 16:36:15 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Documents\Downloads [2010/10/09 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CyberLink [2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\covers [2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel User Files [2010/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Classic Presentation [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CCCLeaner Registry Back Up [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\c4d [2010/10/09 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010 [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\AutoPlay Media Studio 8 [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Anvsoft [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\After Effects Composition [2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate [2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Windows\Samsung [2010/10/09 16:27:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll [2010/10/09 16:27:20 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll [2010/10/09 16:27:20 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll [2010/10/09 16:27:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2010/10/09 16:27:20 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2r.dll [2010/10/09 16:27:19 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2.dll [2010/10/09 16:27:19 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2a.dll [2010/10/09 16:26:54 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.exe [2010/10/09 16:26:54 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.dll [2010/10/09 16:25:57 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS [2010/10/09 16:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2010/10/09 16:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Diagnostics [2010/10/09 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe CS4 Master Collection [2010/10/09 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe [2010/10/09 16:21:25 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\rcsetup138.exe [2010/10/09 16:21:25 | 001,759,261 | ---- | C] (Simon Tatham ) -- C:\Users\Arron\Documents\putty-0.60-installer.exe [2010/10/09 16:21:25 | 001,244,536 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\spsetup103.exe [2010/10/09 16:21:21 | 010,344,252 | ---- | C] (Kalendra, Ltd. ) -- C:\Users\Arron\Documents\KalendraSetup.exe [2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WEBSITE AC 3.0 [2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WAREHOUSE FLOORPLAN [2010/10/09 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIVIONA LOVE SEAT [2010/10/09 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VILLA PRESENTATION [2010/10/09 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIDEOS [2010/10/09 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Tapestries [2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\stands [2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SREEJA [2010/10/09 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SAJEEV [2010/10/09 16:18:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ROMA [2010/10/09 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Quotation [2010/10/09 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PSD [2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PRESENTATIONS [2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PICTURES FROM E-MAIL [2010/10/09 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\pdf-quotation-mr.dory [2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PDF [2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Pablo [2010/10/09 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\now [2010/10/09 16:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\new pix [2010/10/09 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\New Items [2010/10/09 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\NEW BEDS [2010/10/09 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Nastassia Side Table [2010/10/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms nagham [2010/10/09 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms gulnora [2010/10/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MS BAHAR [2010/10/09 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mr. Henry's Qoute [2010/10/09 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR MAHMOUD [2010/10/09 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr henry [2010/10/09 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR EMAMI [2010/10/09 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr dory [2010/10/09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mp3 [2010/10/09 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\modern [2010/10/09 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Map [2010/10/09 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mantellasi [2010/10/09 15:57:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Madam Emami [2010/10/09 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Khalifa [2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\JPGS [2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IT Dept [2010/10/09 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IMAGES [2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\HAJRI FLOOR PLAN PDF [2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\hajri [2010/10/09 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\geremyYYYYYYYYYYYYYYYYY [2010/10/09 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GAMELLINUS [2010/10/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FURNITURE DAMAGES [2010/10/09 15:53:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\from camera [2010/10/09 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\For website used [2010/10/09 15:52:50 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FILES [2010/10/09 15:52:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\EXCEL [2010/10/09 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ENCODED PSD [2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\e-mail format intro [2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\dining [2010/10/09 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\DESKTOP FOLDERs [2010/10/09 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CURTAINS [2010/10/09 15:43:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\COFFEE TABLES [2010/10/09 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Chandelier Pics [2010/10/09 15:42:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\cd menu [2010/10/09 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CATALOG [2010/10/09 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBINO [2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBI2 [2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\background' [2010/10/09 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\asdasdasdasdasdasd [2010/10/09 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Arron [2010/10/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ALL GTH BEDS EDITED [2010/10/09 15:37:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\AL MANA COMPARISON [2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Al Mana [2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Abdulllah [2010/10/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\2 [2010/10/09 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\ChikkaDefault [2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Yahoo! [2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo [2010/10/09 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010/10/09 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2010/10/09 14:59:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010/10/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Macromedia [2010/10/09 13:50:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Adobe [2010/10/09 13:50:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2010/10/09 11:26:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/10/09 11:08:12 | 000,000,000 | R--D | C] -- C:\Users\Arron\Searches [2010/10/09 11:08:12 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2010/10/09 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Identities [2010/10/09 11:08:02 | 000,000,000 | R--D | C] -- C:\Users\Arron\Contacts [2010/10/09 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\VirtualStore [2010/10/09 11:07:49 | 000,000,000 | --SD | C] -- C:\Users\Arron\AppData\Roaming\Microsoft [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Start Menu [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Pictures [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Music [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\My Documents [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Videos [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Saved Games [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Pictures [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Music [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Links [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Favorites [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Downloads [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\My Documents [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Desktop [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Temporary Internet Files [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Templates [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\SendTo [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Recent [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\PrintHood [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\NetHood [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Documents\My Videos [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Local Settings [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\History [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Cookies [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Application Data [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Application Data [2010/10/09 11:07:49 | 000,000,000 | -H-D | C] -- C:\Users\Arron\AppData [2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft [2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Media Center Programs [2010/10/09 11:07:35 | 000,000,000 | ---D | C] -- C:\Recovery [2010/10/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/10/06 17:19:04 | 000,000,000 | ---D | C] -- C:\NVIDIA [1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/31 21:38:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe [2010/10/31 21:22:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job [2010/10/31 21:20:05 | 000,032,059 | ---- | M] () -- C:\Users\Arron\Desktop\2_209056269l.jpg [2010/10/31 19:13:39 | 002,924,376 | ---- | M] () -- C:\Users\Arron\Desktop\CLASSIC_01.pdf [2010/10/31 18:01:53 | 067,040,961 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/10/31 16:49:32 | 000,062,449 | ---- | M] () -- C:\Users\Arron\CCF10292010_00001.jpg [2010/10/31 12:49:39 | 000,061,600 | ---- | M] () -- C:\Users\Arron\Desktop\attachments_2010_10_31.zip [2010/10/31 12:16:26 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/10/31 12:16:26 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/10/31 11:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/31 04:23:53 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job [2010/10/30 19:46:58 | 000,213,504 | ---- | M] () -- C:\Users\Arron\vina cv.doc [2010/10/30 19:34:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010/10/30 19:34:05 | 2413,424,640 | -HS- | M] () -- C:\hiberfil.sys [2010/10/30 18:37:38 | 000,163,311 | ---- | M] () -- C:\Users\Arron\arr (2).jpg [2010/10/30 17:45:25 | 003,895,619 | R--- | M] () -- C:\Users\Arron\Desktop\ComboFix.exe [2010/10/30 16:56:18 | 000,294,912 | ---- | M] () -- C:\gwb988hv.exe [2010/10/30 16:50:28 | 000,160,424 | ---- | M] () -- C:\Users\Arron\arr.jpg [2010/10/30 16:27:49 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys [2010/10/30 16:00:49 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010/10/30 15:58:56 | 000,000,372 | ---- | M] () -- C:\Windows\System32\.crusader [2010/10/30 15:33:00 | 143,327,340 | ---- | M] () -- C:\Users\Arron\Desktop\Untitled-1.cdr [2010/10/30 15:26:42 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Users\Arron\Desktop\dotNetFx40_Full_x86_x64.exe [2010/10/30 15:18:36 | 009,476,474 | ---- | M] () -- C:\Users\Arron\Desktop\BEDS.pdf [2010/10/30 15:17:04 | 000,040,302 | ---- | M] () -- C:\Users\Arron\Documents\cc_20101030_151700.reg [2010/10/30 13:58:40 | 000,244,961 | ---- | M] () -- C:\Users\Arron\CCF10302010_00001.jpg [2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/28 20:18:23 | 003,783,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe [2010/10/28 15:41:15 | 002,126,092 | ---- | M] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg [2010/10/28 14:56:16 | 010,857,464 | ---- | M] () -- C:\Users\Arron\Desktop\gmaker80.exe [2010/10/28 12:31:10 | 001,336,859 | ---- | M] () -- C:\Users\Arron\Desktop\Floor Plan.cdr [2010/10/26 12:22:53 | 000,000,901 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk [2010/10/26 12:22:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk [2010/10/25 20:42:56 | 006,638,686 | ---- | M] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3 [2010/10/25 12:26:55 | 000,165,186 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg [2010/10/24 21:30:21 | 000,156,054 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg [2010/10/24 21:30:13 | 000,192,354 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg [2010/10/23 19:58:58 | 001,330,444 | ---- | M] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr [2010/10/22 15:39:32 | 000,022,856 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmn7.dll [2010/10/22 15:39:32 | 000,019,784 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmi7.dll [2010/10/22 12:23:07 | 000,002,363 | ---- | M] () -- C:\Users\Arron\Desktop\Google Chrome.lnk [2010/10/20 22:34:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/10/19 13:33:04 | 000,079,015 | ---- | M] () -- C:\Windows\FontData.fdb [2010/10/14 14:57:41 | 000,540,855 | ---- | M] () -- C:\Users\Arron\nigol directory_new.cdr [2010/10/14 14:21:39 | 000,507,383 | ---- | M] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr [2010/10/13 13:20:19 | 000,000,441 | ---- | M] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk [2010/10/13 13:03:02 | 000,001,107 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2010/10/10 12:21:45 | 000,000,963 | ---- | M] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/10/10 12:21:45 | 000,000,927 | ---- | M] () -- C:\Users\Arron\Desktop\MagicDisc.lnk [2010/10/10 12:19:52 | 000,001,773 | ---- | M] () -- C:\Users\Arron\Desktop\MagicISO.lnk [2010/10/10 12:15:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/10/10 11:49:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/10/10 11:39:43 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll [2010/10/10 11:39:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2010/10/09 22:47:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010/10/09 22:47:54 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2010/10/09 22:03:22 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf [2010/10/09 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\AutoPlayDesign.INI [2010/10/09 19:00:27 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk [2010/10/09 17:27:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/10/09 17:20:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2010/10/09 17:19:31 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2010/10/09 17:18:20 | 000,000,969 | ---- | M] () -- C:\Users\Arron\Desktop\CCleaner.lnk [2010/10/09 17:15:39 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2010/10/09 16:55:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010/10/09 16:55:14 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/10/09 16:55:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/10/09 16:54:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010/10/09 16:54:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010/10/09 16:54:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010/10/09 16:46:04 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/09 16:27:35 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2010/10/09 15:03:43 | 000,001,145 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2010/10/09 13:27:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/10/09 11:19:27 | 000,001,411 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/05 22:32:20 | 000,000,000 | ---- | M] () -- C:\Users\Arron\Documents\VII marketing..doc [2010/10/05 22:04:36 | 000,650,147 | ---- | M] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg [2010/10/05 21:12:26 | 000,427,520 | ---- | M] () -- C:\Users\Arron\Documents\VII.doc [2010/10/05 15:40:23 | 000,160,256 | ---- | M] () -- C:\Users\Arron\Documents\rizal life and workss.doc [2010/10/05 13:16:59 | 001,939,971 | ---- | M] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr [2010/10/03 16:21:15 | 000,006,144 | ---- | M] () -- C:\Users\Arron\Documents\CD STICKER.zdp [2010/10/03 15:37:19 | 000,000,000 | -H-- | M] () -- C:\Users\Arron\Documents\Default.rdp [2010/10/02 18:16:04 | 411,890,837 | ---- | M] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe [1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/31 21:20:29 | 000,032,059 | ---- | C] () -- C:\Users\Arron\Desktop\2_209056269l.jpg [2010/10/31 19:13:21 | 002,924,376 | ---- | C] () -- C:\Users\Arron\Desktop\CLASSIC_01.pdf [2010/10/31 12:49:48 | 000,062,449 | ---- | C] () -- C:\Users\Arron\CCF10292010_00001.jpg [2010/10/31 12:49:39 | 000,061,600 | ---- | C] () -- C:\Users\Arron\Desktop\attachments_2010_10_31.zip [2010/10/30 19:42:09 | 000,213,504 | ---- | C] () -- C:\Users\Arron\vina cv.doc [2010/10/30 18:37:37 | 000,163,311 | ---- | C] () -- C:\Users\Arron\arr (2).jpg [2010/10/30 18:09:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/10/30 18:09:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/10/30 18:09:44 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe [2010/10/30 18:09:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/10/30 18:09:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010/10/30 17:45:25 | 003,895,619 | R--- | C] () -- C:\Users\Arron\Desktop\ComboFix.exe [2010/10/30 16:56:18 | 000,294,912 | ---- | C] () -- C:\gwb988hv.exe [2010/10/30 16:50:27 | 000,160,424 | ---- | C] () -- C:\Users\Arron\arr.jpg [2010/10/30 15:58:56 | 000,000,372 | ---- | C] () -- C:\Windows\System32\.crusader [2010/10/30 15:58:06 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010/10/30 15:30:29 | 143,327,340 | ---- | C] () -- C:\Users\Arron\Desktop\Untitled-1.cdr [2010/10/30 15:17:02 | 000,040,302 | ---- | C] () -- C:\Users\Arron\Documents\cc_20101030_151700.reg [2010/10/30 14:28:08 | 009,476,474 | ---- | C] () -- C:\Users\Arron\Desktop\BEDS.pdf [2010/10/30 13:58:25 | 000,244,961 | ---- | C] () -- C:\Users\Arron\CCF10302010_00001.jpg [2010/10/30 12:59:49 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm [2010/10/30 11:11:46 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys [2010/10/28 15:35:49 | 002,126,092 | ---- | C] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg [2010/10/28 14:56:16 | 010,857,464 | ---- | C] () -- C:\Users\Arron\Desktop\gmaker80.exe [2010/10/26 12:22:53 | 000,000,901 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk [2010/10/26 12:22:53 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk [2010/10/25 20:42:56 | 006,638,686 | ---- | C] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3 [2010/10/25 12:26:55 | 000,165,186 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg [2010/10/24 21:30:27 | 000,156,054 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg [2010/10/24 21:30:13 | 000,192,354 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg [2010/10/23 19:37:36 | 001,330,444 | ---- | C] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr [2010/10/23 19:23:40 | 001,336,859 | ---- | C] () -- C:\Users\Arron\Desktop\Floor Plan.cdr [2010/10/20 22:34:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/10/19 13:33:00 | 000,079,015 | ---- | C] () -- C:\Windows\FontData.fdb [2010/10/14 14:57:40 | 000,507,383 | ---- | C] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr [2010/10/14 14:21:36 | 000,540,855 | ---- | C] () -- C:\Users\Arron\nigol directory_new.cdr [2010/10/13 13:20:19 | 000,000,441 | ---- | C] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk [2010/10/13 13:03:02 | 000,001,107 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2010/10/10 12:21:45 | 000,000,963 | ---- | C] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/10/10 12:21:45 | 000,000,927 | ---- | C] () -- C:\Users\Arron\Desktop\MagicDisc.lnk [2010/10/10 12:19:52 | 000,001,773 | ---- | C] () -- C:\Users\Arron\Desktop\MagicISO.lnk [2010/10/10 12:15:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/10/10 11:49:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/10/09 22:47:56 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010/10/09 22:47:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010/10/09 22:47:54 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2010/10/09 21:58:26 | 2413,424,640 | -HS- | C] () -- C:\hiberfil.sys [2010/10/09 19:13:50 | 000,002,363 | ---- | C] () -- C:\Users\Arron\Desktop\Google Chrome.lnk [2010/10/09 19:11:23 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job [2010/10/09 19:11:22 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job [2010/10/09 19:00:28 | 000,000,000 | ---- | C] () -- C:\Windows\AutoPlayDesign.INI [2010/10/09 19:00:27 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk [2010/10/09 17:27:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/10/09 17:20:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2010/10/09 17:19:31 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2010/10/09 17:15:39 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2010/10/09 16:55:14 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/10/09 16:54:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010/10/09 16:54:50 | 067,040,961 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/10/09 16:46:04 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/09 16:27:35 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2010/10/09 16:27:33 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010/10/09 16:27:09 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico [2010/10/09 16:27:04 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico [2010/10/09 16:27:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll [2010/10/09 16:27:00 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst1cl3.smt [2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$BANATA 14 SI RIZAL SA LONDO111.docx [2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$apter 14 Rizal in London333.docx [2010/10/09 16:21:42 | 183,100,582 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_460_[400p][1853AD4C].avi [2010/10/09 16:21:35 | 183,483,930 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_459_[400p][b14FBE73].avi [2010/10/09 16:21:26 | 182,789,340 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_458_[400p][E62EFBB9].avi [2010/10/09 16:21:26 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00002.tif [2010/10/09 16:21:26 | 019,495,102 | ---- | C] () -- C:\Users\Arron\Documents\vlc-1.1.0-win32.exe [2010/10/09 16:21:26 | 003,127,521 | ---- | C] () -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz [2010/10/09 16:21:26 | 000,835,180 | ---- | C] () -- C:\Users\Arron\Documents\volleyball_logo.cdr [2010/10/09 16:21:26 | 000,427,520 | ---- | C] () -- C:\Users\Arron\Documents\VII.doc [2010/10/09 16:21:26 | 000,203,597 | ---- | C] () -- C:\Users\Arron\Documents\volleyball.cdr [2010/10/09 16:21:26 | 000,184,803 | ---- | C] () -- C:\Users\Arron\Documents\WH plans_rev 02 Model (2).pdf [2010/10/09 16:21:26 | 000,086,914 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-1.jpg [2010/10/09 16:21:26 | 000,048,865 | ---- | C] () -- C:\Users\Arron\Documents\wnaspi32.zip [2010/10/09 16:21:26 | 000,032,722 | ---- | C] () -- C:\Users\Arron\Documents\WILSON LUCE DIAZ.docx [2010/10/09 16:21:26 | 000,032,686 | ---- | C] () -- C:\Users\Arron\Documents\zlib1.zip [2010/10/09 16:21:26 | 000,007,762 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-2.html [2010/10/09 16:21:26 | 000,004,465 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-5.html [2010/10/09 16:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\VII marketing..doc [2010/10/09 16:21:25 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00001.tif [2010/10/09 16:21:25 | 006,222,567 | ---- | C] () -- C:\Users\Arron\Documents\ramadan.rar [2010/10/09 16:21:25 | 001,189,716 | ---- | C] () -- C:\Users\Arron\Documents\logo2.psd [2010/10/09 16:21:25 | 000,160,256 | ---- | C] () -- C:\Users\Arron\Documents\rizal life and workss.doc [2010/10/09 16:21:25 | 000,131,584 | ---- | C] () -- C:\Users\Arron\Documents\Nestor%20A[1].doc [2010/10/09 16:21:25 | 000,109,950 | ---- | C] () -- C:\Users\Arron\Documents\SHOE COMPANY.docx [2010/10/09 16:21:25 | 000,087,231 | ---- | C] () -- C:\Users\Arron\Documents\logo.psd [2010/10/09 16:21:25 | 000,064,007 | ---- | C] () -- C:\Users\Arron\Documents\Nastassia.JPG [2010/10/09 16:21:25 | 000,047,104 | ---- | C] () -- C:\Users\Arron\Documents\LPO_FORM.xls [2010/10/09 16:21:25 | 000,040,607 | ---- | C] () -- C:\Users\Arron\Documents\scan0001.jpg [2010/10/09 16:21:25 | 000,022,932 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets.docx [2010/10/09 16:21:25 | 000,022,500 | ---- | C] () -- C:\Users\Arron\Documents\logo.jpg [2010/10/09 16:21:25 | 000,017,900 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets with explanation.docx [2010/10/09 16:21:25 | 000,015,360 | ---- | C] () -- C:\Users\Arron\Documents\NewProject.isc [2010/10/09 16:21:25 | 000,011,763 | ---- | C] () -- C:\Users\Arron\Documents\Quotation Lists.xlsx [2010/10/09 16:21:25 | 000,009,186 | ---- | C] () -- C:\Users\Arron\Documents\Nigol.html [2010/10/09 16:21:25 | 000,004,443 | ---- | C] () -- C:\Users\Arron\Documents\Ramadan.html [2010/10/09 16:21:22 | 037,552,417 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask.7z [2010/10/09 16:21:21 | 033,554,432 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask (E) (M4) (V1.0) [!].z64 [2010/10/09 16:21:21 | 002,829,952 | ---- | C] () -- C:\Users\Arron\Documents\Joomla_1.0.15-Stable-Full_Package.zip [2010/10/09 16:21:21 | 000,100,933 | ---- | C] () -- C:\Users\Arron\Documents\ICD1.0.6.zip [2010/10/09 16:21:21 | 000,054,798 | ---- | C] () -- C:\Users\Arron\Documents\JOY.cdr [2010/10/09 16:21:21 | 000,016,226 | ---- | C] () -- C:\Users\Arron\Documents\KABANATA 14 SI RIZAL SA LONDO111.docx [2010/10/09 16:21:03 | 411,890,837 | ---- | C] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe [2010/10/09 16:21:02 | 003,606,977 | ---- | C] () -- C:\Users\Arron\Documents\good sofas (MI CASA).zip [2010/10/09 16:21:02 | 000,029,786 | ---- | C] () -- C:\Users\Arron\Documents\GOVERNMENT OFFICES.docx [2010/10/09 16:21:02 | 000,029,520 | ---- | C] () -- C:\Users\Arron\Documents\Graphic2.cdr [2010/10/09 16:21:02 | 000,018,387 | ---- | C] () -- C:\Users\Arron\Documents\Graphic1.cdr [2010/10/09 16:21:02 | 000,000,615 | ---- | C] () -- C:\Users\Arron\Documents\heart1.gif [2010/10/09 16:21:01 | 000,650,147 | ---- | C] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg [2010/10/09 16:21:01 | 000,461,639 | ---- | C] () -- C:\Users\Arron\Documents\good dining sets ( MI CASA).zip [2010/10/09 16:21:01 | 000,319,488 | ---- | C] () -- C:\Users\Arron\Documents\FUF.accdb [2010/10/09 16:21:01 | 000,024,576 | ---- | C] () -- C:\Users\Arron\Documents\Curtain Dimensions.xls [2010/10/09 16:21:01 | 000,008,029 | ---- | C] () -- C:\Users\Arron\Documents\FadeToTranslucent.zip [2010/10/09 16:21:01 | 000,005,927 | ---- | C] () -- C:\Users\Arron\Documents\ExplodeEffect.zip [2010/10/09 16:21:01 | 000,002,716 | ---- | C] () -- C:\Users\Arron\Documents\configuration.php [2010/10/09 16:20:40 | 485,337,223 | ---- | C] () -- C:\Users\Arron\Documents\CLASSIC_01_p38-48.pdf [2010/10/09 16:20:40 | 000,019,112 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London.docx [2010/10/09 16:20:40 | 000,017,038 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London333.docx [2010/10/09 16:20:40 | 000,006,144 | ---- | C] () -- C:\Users\Arron\Documents\CD STICKER.zdp [2010/10/09 16:20:38 | 033,080,095 | ---- | C] () -- C:\Users\Arron\Documents\CATALOG P11-22.pdf [2010/10/09 16:20:38 | 000,804,746 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball_logo.cdr [2010/10/09 16:20:38 | 000,343,006 | ---- | C] () -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010.rar [2010/10/09 16:20:38 | 000,210,071 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball.cdr [2010/10/09 16:20:38 | 000,071,311 | ---- | C] () -- C:\Users\Arron\Documents\camfrog.zip [2010/10/09 16:20:38 | 000,052,121 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_JOY.cdr [2010/10/09 16:20:38 | 000,027,040 | ---- | C] () -- C:\Users\Arron\Documents\CALL CENTER.docx [2010/10/09 16:20:23 | 537,524,196 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_CLASSIC_01_p1-10.pdf [2010/10/09 16:20:23 | 003,598,486 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).psd [2010/10/09 16:20:23 | 000,188,928 | ---- | C] () -- C:\Users\Arron\Documents\arron javal cv.doc [2010/10/09 16:20:23 | 000,155,350 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).JPG [2010/10/09 16:20:23 | 000,132,352 | ---- | C] () -- C:\Users\Arron\Documents\123.jpg [2010/10/09 16:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\2.docx [2010/10/09 15:30:40 | 001,939,971 | ---- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr [2010/10/09 15:30:40 | 000,997,851 | R--- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT_FINAL_macro enabled.xlsm [2010/10/09 15:30:40 | 000,000,654 | ---- | C] () -- C:\Users\Arron\Desktop\Speccy.lnk [2010/10/09 15:30:39 | 001,716,879 | ---- | C] () -- C:\Users\Arron\Desktop\NIGOL CLASSIC LOGO.png [2010/10/09 15:30:39 | 000,361,829 | ---- | C] () -- C:\Users\Arron\Desktop\CUSTOMER PROTECTION POLICY.pdf [2010/10/09 15:30:39 | 000,001,663 | ---- | C] () -- C:\Users\Arron\Desktop\FileZilla Client.lnk [2010/10/09 15:30:39 | 000,000,969 | ---- | C] () -- C:\Users\Arron\Desktop\CCleaner.lnk [2010/10/09 15:30:32 | 000,001,390 | ---- | C] () -- C:\Users\Arron\MODERN FURNITURE.SED [2010/10/09 15:03:43 | 000,001,145 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2010/10/09 13:27:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/10/09 12:38:37 | 000,000,000 | -H-- | C] () -- C:\Users\Arron\Documents\Default.rdp [2010/10/09 11:19:27 | 000,001,411 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/09 11:07:49 | 000,000,290 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2010/10/09 11:07:49 | 000,000,272 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008/10/04 03:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll [2008/09/28 21:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll [2008/08/28 15:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll [2008/08/28 15:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll [2008/08/28 15:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll [2006/11/06 23:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll ========== LOP Check ========== [2010/10/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/10/13 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\FileZilla [2010/10/09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\IndigoRose [2010/10/30 12:59:52 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\Softland [2010/10/30 19:47:28 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\TeamViewer [2010/10/31 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\uTorrent [2009/07/14 08:53:46 | 000,005,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
- October 31, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Here is the ESET log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=4076906b82a4cc479abe379dca0025c0 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-10-30 07:17:42 # local_time=2010-10-30 11:17:42 (+0400, Arabian Standard Time) # country="United States" # lang=9 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777215 100 0 1825983 1825983 0 0 # compatibility_mode=5893 16776574 100 94 1845626 40907434 0 0 # compatibility_mode=8192 67108863 100 0 203 203 0 0 # scanned=519376 # found=9 # cleaned=9 # scan_time=11419 C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP133\A0037036.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP151\A0045907.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP186\A0054535.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Arron\Documents\HSS-1.45-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Arron\USB\autorun.inf Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Arron\USB\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx a variant of Win32/Conficker.AA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\ARRON\INSTALLERS\HSS-1.37-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C D:\Windows.old\Documents and Settings\Arron Javal\My Documents\HSS-1.45-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C E:\aRRON\misc\Full Metal Alchemist Brotherhood\CorelDRAW Corel DRAW X5 v15.0.486 - XPVISTA7\CorelDRAWGraphicsSuiteX5Installer_EN-Mohsen6558.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
- October 31, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

This is the Log for MBAM Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4998 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 10/30/2010 8:01:58 PM mbam-log-2010-10-30 (20-01-58).txt Scan type: Quick scan Objects scanned: 142637 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
- October 30, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Here is the ComboFix Log ComboFix 10-10-29.03 - Arron 10/30/2010 19:27:23.2.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3069.1437 [GMT 4:00] Running from: c:\users\Arron\Desktop\ComboFix.exe Command switches used :: c:\users\Arron\Desktop\CFScript.txt file zipped: c:\windows\system32\drivers\izmzpvcxvlsgmj.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\izmzpvcxvlsgmj.sys . --------------- FCopy --------------- c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Normandy ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 ))))))))))))))))))))))))))))))) . 2010-10-30 15:32 . 2010-10-30 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-30 12:56 . 2010-10-30 12:56 294912 ----a-w- C:\gwb988hv.exe 2010-10-30 11:58 . 2010-10-30 12:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-10-30 11:57 . 2010-10-30 11:58 -------- d-----w- c:\programdata\Hitman Pro 2010-10-30 08:59 . 2010-10-22 11:39 22856 ----a-w- c:\windows\system32\dopdfmn7.dll 2010-10-30 08:59 . 2010-10-22 11:39 19784 ----a-w- c:\windows\system32\dopdfmi7.dll 2010-10-30 08:59 . 2010-10-30 08:59 -------- d-----w- c:\program files\Softland 2010-10-30 07:11 . 2010-10-30 12:27 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys 2010-10-28 16:55 . 2010-10-28 16:55 -------- d-----w- c:\program files\Windows Live Safety Center 2010-10-28 16:45 . 2010-10-28 16:45 -------- d-----w- C:\_OTM 2010-10-26 08:22 . 2010-10-26 08:24 -------- d-----w- c:\program files\Blaze Media Pro 2010-10-26 08:22 . 2010-10-26 08:23 -------- dc-h--w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6} 2010-10-20 18:34 . 2010-10-20 18:34 -------- d-----w- c:\program files\TeamViewer 2010-10-13 08:11 . 2010-10-13 08:11 -------- d-----w- C:\$AVG 2010-10-10 18:32 . 2010-10-10 18:32 -------- d-----w- c:\program files\Common Files\Corel 2010-10-10 14:58 . 2010-10-19 01:32 -------- d-----w- c:\programdata\Protexis 2010-10-10 08:24 . 2010-10-30 12:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2010-10-10 08:21 . 2009-02-24 14:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-10-10 08:21 . 2010-10-10 08:21 -------- d-----w- c:\program files\MagicDisc 2010-10-10 08:19 . 2010-10-10 08:19 -------- d-----w- c:\program files\MagicISO 2010-10-10 08:11 . 2009-11-25 08:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-10-10 08:11 . 2009-11-25 08:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-10-10 08:11 . 2009-11-25 08:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-10-10 08:11 . 2009-11-25 08:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-10-10 08:11 . 2009-11-25 08:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-10-10 07:39 . 2010-10-10 07:39 -------- d-----w- c:\windows\system32\Wat 2010-10-09 18:48 . 2010-10-09 07:07 -------- d-----w- c:\windows\Panther 2010-10-09 18:47 . 2010-10-30 15:33 -------- d-----w- C:\Boot 2010-10-09 18:32 . 2010-10-09 07:16 -------- d-----w- C:\Windows.old 2010-10-09 17:42 . 2010-10-09 17:42 -------- d-----w- c:\program files\Adobe Media Player 2010-10-09 17:40 . 2010-10-21 09:42 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-10-09 17:38 . 2010-10-10 08:15 -------- d-----w- c:\program files\Common Files\Adobe 2010-10-09 17:25 . 2010-10-09 17:25 -------- d-----w- c:\program files\Ask.com 2010-10-09 17:24 . 2010-10-09 17:27 -------- d-----w- c:\program files\uTorrent 2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\programdata\IndigoRose 2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\program files\AutoPlay Media Studio 8 Trial 2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft SDKs 2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-10-09 14:37 . 2010-10-09 14:37 -------- d-----w- c:\program files\Common Files\Protexis 2010-10-09 14:37 . 2010-10-10 14:58 -------- d-----w- c:\programdata\Corel 2010-10-09 14:33 . 2010-10-09 14:33 -------- d-----w- c:\program files\Corel 2010-10-09 13:55 . 2006-10-26 15:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-10-09 13:55 . 2006-10-26 15:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-10-09 13:53 . 2010-10-09 13:53 -------- d-----w- c:\program files\Microsoft Works 2010-10-09 13:50 . 2010-10-30 14:06 -------- d-----w- c:\windows\PCHEALTH 2010-10-09 13:50 . 2010-10-10 08:11 -------- d-----w- c:\program files\Microsoft.NET 2010-10-09 13:48 . 2010-10-09 13:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-10-09 13:47 . 2010-10-09 14:41 -------- d-----w- c:\programdata\Microsoft Help 2010-10-09 13:27 . 2010-10-09 13:27 -------- d-----w- c:\program files\FileZilla FTP Client 2010-10-09 13:20 . 2010-10-09 13:20 -------- d-----w- c:\program files\Speccy 2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Recuva 2010-10-09 13:18 . 2010-10-09 13:18 -------- d-----w- c:\program files\CCleaner 2010-10-09 13:15 . 2010-10-09 13:15 -------- d-----w- c:\program files\Google 2010-10-09 12:55 . 2010-10-09 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-10-09 12:55 . 2010-10-09 12:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-10-09 12:54 . 2010-10-09 12:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-10-09 12:54 . 2010-10-09 12:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-10-09 12:54 . 2010-10-30 14:11 -------- d-----w- c:\windows\system32\drivers\Avg 2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\program files\AVG 2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\programdata\avg9 2010-10-09 12:46 . 2010-04-29 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-09 12:45 . 2010-10-09 12:45 -------- d-----w- c:\programdata\Malwarebytes 2010-10-09 12:45 . 2010-04-29 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-09 12:45 . 2010-10-09 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-09 12:27 . 2010-10-09 12:27 -------- d-----w- c:\windows\Samsung 2010-10-09 12:27 . 2009-09-21 22:30 482408 ----a-w- c:\windows\ssndii.exe 2010-10-09 12:27 . 2007-08-14 15:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll 2010-10-09 12:27 . 2009-12-09 11:48 82432 ----a-w- c:\windows\system32\msxml4r.dll 2010-10-09 12:27 . 2009-12-09 11:48 81920 ----a-w- c:\windows\system32\ssdevm.dll 2010-10-09 12:27 . 2009-12-09 11:48 49152 ----a-w- c:\windows\system32\ssusbpn.dll 2010-10-09 12:27 . 2009-12-09 11:48 44544 ----a-w- c:\windows\system32\msxml4a.dll 2010-10-09 12:27 . 2009-12-09 11:48 38160 ----a-w- c:\windows\system32\msxml2r.dll 2010-10-09 12:27 . 2009-12-09 11:48 1233920 ----a-w- c:\windows\system32\msxml4.dll 2010-10-09 12:27 . 2009-12-09 11:48 701440 ----a-w- c:\windows\system32\msxml2.dll 2010-10-09 12:27 . 2009-12-09 11:48 21776 ----a-w- c:\windows\system32\msxml2a.dll 2010-10-09 12:27 . 2007-08-14 15:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll 2010-10-09 12:26 . 2007-08-14 14:59 151552 ----a-w- c:\windows\system32\sst1cci.exe 2010-10-09 12:26 . 2007-08-14 14:59 65536 ----a-w- c:\windows\system32\sst1cci.dll 2010-10-09 12:25 . 2007-08-13 16:51 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS 2010-10-09 12:25 . 2010-10-09 12:25 -------- d-----w- c:\program files\Samsung 2010-10-09 11:03 . 2010-10-09 11:03 -------- d-----w- c:\programdata\Yahoo! 2010-10-09 11:02 . 2010-10-09 11:03 -------- d-----w- c:\program files\Yahoo! 2010-10-09 10:59 . 2010-10-30 07:09 -------- d-sh--w- c:\windows\Installer 2010-10-09 09:50 . 2010-10-09 09:50 -------- d-----w- c:\windows\system32\Macromed 2010-10-09 07:26 . 2010-09-16 06:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F4C754-951C-4CC6-85AD-935A9F4C2BEB}\mpengine.dll 2010-10-09 07:26 . 2010-05-21 10:14 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-10-09 07:11 . 2010-10-30 08:38 -------- d-----w- c:\windows\system32\wbem\Performance 2010-10-09 07:07 . 2010-10-30 15:09 -------- d-----w- c:\users\Arron 2010-10-09 07:07 . 2010-10-09 07:07 -------- d-----w- C:\Recovery 2010-10-06 13:19 . 2010-10-06 13:19 -------- d-----w- C:\NVIDIA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-10 07:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll 2010-10-10 07:39 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll 2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-06-10 13:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312] "Google Update"="c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176] "uTorrent"="c:\users\Arron\Downloads\utorrent.exe" [2010-10-09 328056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-09 2067808] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] c:\users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-10 576000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1343400] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-10-09 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-10-09 243024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-10-09 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-10-09 308136] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016] . Contents of the 'Scheduled Tasks' folder 2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job - c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11] 2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job - c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\taskhost.exe c:\program files\AVG\AVG9\avgnsx.exe c:\xampp\mysql\bin\mysqld.exe c:\program files\Blaze Media Pro\NMSAccess32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\conhost.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\TeamViewer\Version5\TeamViewer.exe c:\program files\AVG\AVG9\avgtray.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . Completion time: 2010-10-30 19:37:29 - machine was rebooted ComboFix-quarantined-files.txt 2010-10-30 15:37 ComboFix2.txt 2010-10-30 14:18 Pre-Run: 58,181,701,632 bytes free Post-Run: 58,040,127,488 bytes free - - End Of File - - DB7D0ABE12D08FF584862224A01E78BF Upload was successful
- October 30, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Here is the ComboFixLog ComboFix 10-10-29.03 - Arron 10/30/2010 18:12:07.1.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3069.2177 [GMT 4:00] Running from: c:\users\Arron\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Arron\AppData\Roaming\Microsoft\AdjMmsVista.dll c:\windows\system32\Memman.vxd c:\windows\system32\skinboxer43.dll . ((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 ))))))))))))))))))))))))))))))) . 2010-10-30 14:16 . 2010-10-30 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-30 14:07 . 2010-10-30 14:09 -------- d-----w- C:\32788R22FWJFW 2010-10-30 12:56 . 2010-10-30 12:56 294912 ----a-w- C:\gwb988hv.exe 2010-10-30 11:58 . 2010-10-30 12:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-10-30 11:57 . 2010-10-30 11:58 -------- d-----w- c:\programdata\Hitman Pro 2010-10-30 08:59 . 2010-10-22 11:39 22856 ----a-w- c:\windows\system32\dopdfmn7.dll 2010-10-30 08:59 . 2010-10-22 11:39 19784 ----a-w- c:\windows\system32\dopdfmi7.dll 2010-10-30 08:59 . 2010-10-30 08:59 -------- d-----w- c:\program files\Softland 2010-10-30 07:11 . 2010-10-30 12:27 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys 2010-10-28 16:55 . 2010-10-28 16:55 -------- d-----w- c:\program files\Windows Live Safety Center 2010-10-28 16:45 . 2010-10-28 16:45 -------- d-----w- C:\_OTM 2010-10-26 09:56 . 2010-10-30 14:05 44160 ----a-w- c:\windows\system32\drivers\izmzpvcxvlsgmj.sys 2010-10-26 08:22 . 2010-10-26 08:24 -------- d-----w- c:\program files\Blaze Media Pro 2010-10-26 08:22 . 2010-10-26 08:23 -------- dc-h--w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6} 2010-10-20 18:34 . 2010-10-20 18:34 -------- d-----w- c:\program files\TeamViewer 2010-10-13 08:11 . 2010-10-13 08:11 -------- d-----w- C:\$AVG 2010-10-10 18:32 . 2010-10-10 18:32 -------- d-----w- c:\program files\Common Files\Corel 2010-10-10 14:58 . 2010-10-19 01:32 -------- d-----w- c:\programdata\Protexis 2010-10-10 08:24 . 2010-10-30 12:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2010-10-10 08:21 . 2009-02-24 14:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2010-10-10 08:21 . 2010-10-10 08:21 -------- d-----w- c:\program files\MagicDisc 2010-10-10 08:19 . 2010-10-10 08:19 -------- d-----w- c:\program files\MagicISO 2010-10-10 08:11 . 2009-11-25 08:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-10-10 08:11 . 2009-11-25 08:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-10-10 08:11 . 2009-11-25 08:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-10-10 08:11 . 2009-11-25 08:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-10-10 08:11 . 2009-11-25 08:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-10-10 07:39 . 2010-10-10 07:39 -------- d-----w- c:\windows\system32\Wat 2010-10-09 18:48 . 2010-10-09 07:07 -------- d-----w- c:\windows\Panther 2010-10-09 18:47 . 2010-10-09 18:47 -------- d-----w- C:\Boot 2010-10-09 18:32 . 2010-10-09 07:16 -------- d-----w- C:\Windows.old 2010-10-09 17:42 . 2010-10-09 17:42 -------- d-----w- c:\program files\Adobe Media Player 2010-10-09 17:40 . 2010-10-21 09:42 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-10-09 17:38 . 2010-10-10 08:15 -------- d-----w- c:\program files\Common Files\Adobe 2010-10-09 17:25 . 2010-10-09 17:25 -------- d-----w- c:\program files\Ask.com 2010-10-09 17:24 . 2010-10-09 17:27 -------- d-----w- c:\program files\uTorrent 2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\programdata\IndigoRose 2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\program files\AutoPlay Media Studio 8 Trial 2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft SDKs 2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-10-09 14:37 . 2010-10-09 14:37 -------- d-----w- c:\program files\Common Files\Protexis 2010-10-09 14:37 . 2010-10-10 14:58 -------- d-----w- c:\programdata\Corel 2010-10-09 14:33 . 2010-10-09 14:33 -------- d-----w- c:\program files\Corel 2010-10-09 13:55 . 2006-10-26 15:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2010-10-09 13:55 . 2006-10-26 15:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2010-10-09 13:53 . 2010-10-09 13:53 -------- d-----w- c:\program files\Microsoft Works 2010-10-09 13:50 . 2010-10-30 14:06 -------- d-----w- c:\windows\PCHEALTH 2010-10-09 13:50 . 2010-10-10 08:11 -------- d-----w- c:\program files\Microsoft.NET 2010-10-09 13:48 . 2010-10-09 13:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-10-09 13:47 . 2010-10-09 14:41 -------- d-----w- c:\programdata\Microsoft Help 2010-10-09 13:27 . 2010-10-09 13:27 -------- d-----w- c:\program files\FileZilla FTP Client 2010-10-09 13:20 . 2010-10-09 13:20 -------- d-----w- c:\program files\Speccy 2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Recuva 2010-10-09 13:18 . 2010-10-09 13:18 -------- d-----w- c:\program files\CCleaner 2010-10-09 13:15 . 2010-10-09 13:15 -------- d-----w- c:\program files\Google 2010-10-09 12:55 . 2010-10-09 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-10-09 12:55 . 2010-10-09 12:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-10-09 12:54 . 2010-10-09 12:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-10-09 12:54 . 2010-10-09 12:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-10-09 12:54 . 2010-10-30 14:11 -------- d-----w- c:\windows\system32\drivers\Avg 2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\program files\AVG 2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\programdata\avg9 2010-10-09 12:46 . 2010-04-29 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-09 12:45 . 2010-10-09 12:45 -------- d-----w- c:\programdata\Malwarebytes 2010-10-09 12:45 . 2010-04-29 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-09 12:45 . 2010-10-09 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-09 12:27 . 2010-10-09 12:27 -------- d-----w- c:\windows\Samsung 2010-10-09 12:27 . 2009-09-21 22:30 482408 ----a-w- c:\windows\ssndii.exe 2010-10-09 12:27 . 2007-08-14 15:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll 2010-10-09 12:27 . 2009-12-09 11:48 82432 ----a-w- c:\windows\system32\msxml4r.dll 2010-10-09 12:27 . 2009-12-09 11:48 81920 ----a-w- c:\windows\system32\ssdevm.dll 2010-10-09 12:27 . 2009-12-09 11:48 49152 ----a-w- c:\windows\system32\ssusbpn.dll 2010-10-09 12:27 . 2009-12-09 11:48 44544 ----a-w- c:\windows\system32\msxml4a.dll 2010-10-09 12:27 . 2009-12-09 11:48 38160 ----a-w- c:\windows\system32\msxml2r.dll 2010-10-09 12:27 . 2009-12-09 11:48 1233920 ----a-w- c:\windows\system32\msxml4.dll 2010-10-09 12:27 . 2009-12-09 11:48 701440 ----a-w- c:\windows\system32\msxml2.dll 2010-10-09 12:27 . 2009-12-09 11:48 21776 ----a-w- c:\windows\system32\msxml2a.dll 2010-10-09 12:27 . 2007-08-14 15:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll 2010-10-09 12:26 . 2007-08-14 14:59 151552 ----a-w- c:\windows\system32\sst1cci.exe 2010-10-09 12:26 . 2007-08-14 14:59 65536 ----a-w- c:\windows\system32\sst1cci.dll 2010-10-09 12:25 . 2007-08-13 16:51 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS 2010-10-09 12:25 . 2010-10-09 12:25 -------- d-----w- c:\program files\Samsung 2010-10-09 11:03 . 2010-10-09 11:03 -------- d-----w- c:\programdata\Yahoo! 2010-10-09 11:02 . 2010-10-09 11:03 -------- d-----w- c:\program files\Yahoo! 2010-10-09 10:59 . 2010-10-30 07:09 -------- d-sh--w- c:\windows\Installer 2010-10-09 09:50 . 2010-10-09 09:50 -------- d-----w- c:\windows\system32\Macromed 2010-10-09 07:26 . 2010-09-16 06:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F4C754-951C-4CC6-85AD-935A9F4C2BEB}\mpengine.dll 2010-10-09 07:26 . 2010-05-21 10:14 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-10-09 07:11 . 2010-10-30 08:38 -------- d-----w- c:\windows\system32\wbem\Performance 2010-10-09 07:07 . 2010-10-30 12:53 -------- d-----w- c:\users\Arron 2010-10-09 07:07 . 2010-10-09 07:07 -------- d-----w- C:\Recovery 2010-10-06 13:19 . 2010-10-06 13:19 -------- d-----w- C:\NVIDIA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-10 07:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll 2010-10-10 07:39 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll 2010-10-10 07:39 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll 2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr . ------- Sigcheck ------- [-] 2010-10-10 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-06-10 13:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312] "Google Update"="c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176] "uTorrent"="c:\users\Arron\Downloads\utorrent.exe" [2010-10-09 328056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-09 2067808] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] c:\users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-10 576000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Normandy;Normandy SR2; [x] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1343400] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-10-09 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-10-09 243024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-10-09 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-10-09 308136] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016] . Contents of the 'Scheduled Tasks' folder 2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job - c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11] 2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job - c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2010-10-30 18:18:25 ComboFix-quarantined-files.txt 2010-10-30 14:18 Pre-Run: 59,058,110,464 bytes free Post-Run: 58,907,123,712 bytes free - - End Of File - - CE9EA694E28619A7357C0C25DAB1F386
- October 30, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

GMER LOG GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-30 17:19:13 Windows 6.1.7600 Running: gwb988hv.exe; Driver: C:\Users\Arron\AppData\Local\Temp\aglcrpog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + F1E 828860EA 4 Bytes CALL 85D12273 .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82886579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!PsGetProcessWin32WindowStation + 152 82902DCC 8 Bytes PUSH 85D1226E; RET ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E037E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E0194EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6DFD4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2072] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6E028595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4696] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E037E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E0194EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6DFD4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4736] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6E028595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E037E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E0194EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6DFD4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5364] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6E028595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E037E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E0194EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6DFD4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!CoCreateInstance 76BD57FC 5 Bytes JMP 6E028595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [741B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [741B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74195624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [741956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [741A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [741A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [741A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [741A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [741A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [741A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [741A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [741AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[776] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [741A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74195624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2176] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[4332] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [741B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [741B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [74195624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [741956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [741A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [741A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [741A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [741A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [741A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [741A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [741A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [741AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.exe[5708] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [741A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf 861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[6092] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- Threads - GMER 1.0.15 ---- Thread System [4:200] 85D10786 Thread System [4:204] 85D108C4 ---- Services - GMER 1.0.15 ---- Service C:\Windows\system32\drivers\izmzpvcxvlsgmj.sys (*** hidden *** ) [bOOT] jzipc <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@ImagePath system32\drivers\izmzpvcxvlsgmj.sys Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@DisplayName jzipc Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Group Boot Bus Extender Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@_MAIN 0x64 0x62 0x02 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@RulesData 0x03 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@krnl_sleepfreq 0x10 0x0E 0x00 0x00 Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@krnl_servers_list 0x68 0x74 0x74 0x70 ... Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@DeleteFlag 1 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C6D7EC90-D3CE-11DF-9F33-806E6F6E6963} 1891021088 ---- Files - GMER 1.0.15 ---- File C:\Windows\System32\drivers\izmzpvcxvlsgmj.sys 44160 bytes executable <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----
- October 30, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Hi, sorry if i my response is this late, i have downloaded the Rootkit Unhoocker, but whenver i try ro run it, it gives me an error Error loading driver, NTSTATS code: 0xcC0000001 Thanks
- October 30, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

As for the rootkit unhooker, can you please give me a mirror or something, the link you provided me is blocked in our country for some reason. Mediafire will be fine if its ok with you sir, thanks for the help.
- October 28, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

OTL Extras OTL Extras logfile created on: 10/28/2010 10:35:07 PM - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195.41 Gb Total Space | 51.74 Gb Free Space | 26.48% Space Free | Partition Type: NTFS Drive D: | 368.05 Gb Total Space | 153.93 Gb Free Space | 41.82% Space Free | Partition Type: NTFS Drive E: | 368.05 Gb Total Space | 285.29 Gb Free Space | 77.51% Space Free | Partition Type: NTFS Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\Arron\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "\" = C:\Windows\system\dwm.exe:*:Enabled:KL -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AutoPlay Media Studio 8 Trial" = AutoPlay Media Studio 8 Trial "AVG9Uninstall" = AVG Free 9.0 "Blaze Media Pro" = Blaze Media Pro "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.3.4.1 "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Picasa 3" = Picasa 3 "Recuva" = Recuva "Samsung CLX-3170 Series" = Samsung CLX-3170 Series "Speccy" = Speccy "TeamViewer 5" = TeamViewer 5 "uTorrent" =
- October 28, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 replied to akira_yuki13's topic in Resolved Malware Removal Logs

Thanks for your fast response kahdah, as per youre request here is the OTL log OTL logfile created on: 10/28/2010 10:35:07 PM - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195.41 Gb Total Space | 51.74 Gb Free Space | 26.48% Space Free | Partition Type: NTFS Drive D: | 368.05 Gb Total Space | 153.93 Gb Free Space | 41.82% Space Free | Partition Type: NTFS Drive E: | 368.05 Gb Total Space | 285.29 Gb Free Space | 77.51% Space Free | Partition Type: NTFS Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - c:\xampp\mysql\bin\mysqld.exe () PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) PRC - C:\Program Files\Blaze Media Pro\NMSAccess32.exe () PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) ========== Modules (SafeList) ========== MOD - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe () SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe () SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe () SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation) ========== Driver Services (SafeList) ========== DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 D6 16 62 50 74 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/10/28 20:45:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Google Update] C:\Users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [uTorrent] C:\Users\Arron\Downloads\utorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/10/28 12:45:39 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/10/28 22:30:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe [2010/10/28 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/10/28 20:45:02 | 000,000,000 | ---D | C] -- C:\_OTM [2010/10/28 20:43:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010/10/26 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Blaze Media Pro [2010/10/26 12:22:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6} [2010/10/26 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\PackageAware [2010/10/21 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/10/20 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\TeamViewer [2010/10/20 22:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010/10/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GTH Documents [2010/10/19 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\USB [2010/10/19 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Web joyfze [2010/10/19 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\ElevatedDiagnostics [2010/10/13 13:25:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\FileZilla [2010/10/13 12:11:18 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/10/10 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2010/10/10 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2010/10/10 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Corel [2010/10/10 12:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010/10/10 12:21:08 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys [2010/10/10 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc [2010/10/10 12:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO [2010/10/10 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\WinRAR [2010/10/10 12:11:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/10/10 12:11:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/10/10 12:11:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/10/10 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010/10/10 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\AskToolbar [2010/10/10 11:39:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2010/10/09 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010/10/09 22:47:53 | 000,000,000 | -HSD | C] -- C:\Boot [2010/10/09 22:39:03 | 000,000,000 | ---D | C] -- C:\Windows.old.000 [2010/10/09 22:32:32 | 000,000,000 | ---D | C] -- C:\Windows.old [2010/10/09 22:01:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010/10/09 21:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2010/10/09 21:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2010/10/09 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2010/10/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010/10/09 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010/10/09 21:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/10/09 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2010/10/09 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2010/10/09 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\uTorrent [2010/10/09 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Adobe [2010/10/09 19:38:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo! [2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Deployment [2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Apps [2010/10/09 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\IndigoRose [2010/10/09 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010/10/09 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose [2010/10/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AutoPlay Media Studio 8 Trial [2010/10/09 18:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2010/10/09 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2010/10/09 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2010/10/09 18:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2010/10/09 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2010/10/09 17:55:36 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2010/10/09 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010/10/09 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2010/10/09 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft Help [2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2010/10/09 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2010/10/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy [2010/10/09 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2010/10/09 17:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/10/09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Google [2010/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386 [2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Visual Studio 2008 [2010/10/09 17:00:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\OneNote Notebooks [2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My Palettes [2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My eBooks [2010/10/09 16:56:43 | 000,000,000 | --SD | C] -- C:\Users\Arron\Documents\My Data Sources [2010/10/09 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Modern [2010/10/09 16:56:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\magazine ads [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good sofas (MI CASA) [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good dining sets ( MI CASA) [2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\FURNITURE SCANS [2010/10/09 16:55:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010/10/09 16:55:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/10/09 16:54:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010/10/09 16:54:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010/10/09 16:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg [2010/10/09 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2010/10/09 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010/10/09 16:46:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Malwarebytes [2010/10/09 16:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/10/09 16:45:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/10/09 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/10/09 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/10/09 16:36:15 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Documents\Downloads [2010/10/09 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CyberLink [2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\covers [2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel User Files [2010/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Classic Presentation [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CCCLeaner Registry Back Up [2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\c4d [2010/10/09 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010 [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\AutoPlay Media Studio 8 [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Anvsoft [2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\After Effects Composition [2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate [2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Windows\Samsung [2010/10/09 16:27:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll [2010/10/09 16:27:20 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll [2010/10/09 16:27:20 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll [2010/10/09 16:27:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2010/10/09 16:27:20 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2r.dll [2010/10/09 16:27:19 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2.dll [2010/10/09 16:27:19 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2a.dll [2010/10/09 16:26:54 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.exe [2010/10/09 16:26:54 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.dll [2010/10/09 16:25:57 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS [2010/10/09 16:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2010/10/09 16:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Diagnostics [2010/10/09 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe CS4 Master Collection [2010/10/09 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe [2010/10/09 16:21:25 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\rcsetup138.exe [2010/10/09 16:21:25 | 001,759,261 | ---- | C] (Simon Tatham ) -- C:\Users\Arron\Documents\putty-0.60-installer.exe [2010/10/09 16:21:25 | 001,244,536 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\spsetup103.exe [2010/10/09 16:21:21 | 010,344,252 | ---- | C] (Kalendra, Ltd. ) -- C:\Users\Arron\Documents\KalendraSetup.exe [2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WEBSITE AC 3.0 [2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WAREHOUSE FLOORPLAN [2010/10/09 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIVIONA LOVE SEAT [2010/10/09 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VILLA PRESENTATION [2010/10/09 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIDEOS [2010/10/09 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Tapestries [2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\stands [2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SREEJA [2010/10/09 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SAJEEV [2010/10/09 16:18:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ROMA [2010/10/09 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Quotation [2010/10/09 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PSD [2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PRESENTATIONS [2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PICTURES FROM E-MAIL [2010/10/09 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\pdf-quotation-mr.dory [2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PDF [2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Pablo [2010/10/09 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\now [2010/10/09 16:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\new pix [2010/10/09 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\New Items [2010/10/09 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\NEW BEDS [2010/10/09 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Nastassia Side Table [2010/10/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms nagham [2010/10/09 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms gulnora [2010/10/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MS BAHAR [2010/10/09 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mr. Henry's Qoute [2010/10/09 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR MAHMOUD [2010/10/09 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr henry [2010/10/09 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR EMAMI [2010/10/09 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr dory [2010/10/09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mp3 [2010/10/09 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\modern [2010/10/09 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Map [2010/10/09 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mantellasi [2010/10/09 15:57:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Madam Emami [2010/10/09 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Khalifa [2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\JPGS [2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IT Dept [2010/10/09 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IMAGES [2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\HAJRI FLOOR PLAN PDF [2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\hajri [2010/10/09 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\geremyYYYYYYYYYYYYYYYYY [2010/10/09 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GAMELLINUS [2010/10/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FURNITURE DAMAGES [2010/10/09 15:53:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\from camera [2010/10/09 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\For website used [2010/10/09 15:52:50 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FILES [2010/10/09 15:52:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\EXCEL [2010/10/09 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ENCODED PSD [2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\e-mail format intro [2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\dining [2010/10/09 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\DESKTOP FOLDERs [2010/10/09 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CURTAINS [2010/10/09 15:43:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\COFFEE TABLES [2010/10/09 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Chandelier Pics [2010/10/09 15:42:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\cd menu [2010/10/09 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CATALOG [2010/10/09 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBINO [2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBI2 [2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\background' [2010/10/09 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\asdasdasdasdasdasd [2010/10/09 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Arron [2010/10/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ALL GTH BEDS EDITED [2010/10/09 15:37:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\AL MANA COMPARISON [2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Al Mana [2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Abdulllah [2010/10/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\2 [2010/10/09 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\ChikkaDefault [2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Yahoo! [2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo [2010/10/09 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010/10/09 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2010/10/09 14:59:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010/10/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Macromedia [2010/10/09 13:50:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Adobe [2010/10/09 13:50:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2010/10/09 11:26:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010/10/09 11:08:12 | 000,000,000 | R--D | C] -- C:\Users\Arron\Searches [2010/10/09 11:08:12 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2010/10/09 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Identities [2010/10/09 11:08:02 | 000,000,000 | R--D | C] -- C:\Users\Arron\Contacts [2010/10/09 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\VirtualStore [2010/10/09 11:07:49 | 000,000,000 | --SD | C] -- C:\Users\Arron\AppData\Roaming\Microsoft [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Start Menu [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Pictures [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Music [2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\My Documents [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Videos [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Saved Games [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Pictures [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Music [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Links [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Favorites [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Downloads [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\My Documents [2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Desktop [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Temporary Internet Files [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Templates [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\SendTo [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Recent [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\PrintHood [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\NetHood [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Documents\My Videos [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Local Settings [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\History [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Cookies [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Application Data [2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Application Data [2010/10/09 11:07:49 | 000,000,000 | -H-D | C] -- C:\Users\Arron\AppData [2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Temp [2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft [2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Media Center Programs [2010/10/09 11:07:35 | 000,000,000 | -HSD | C] -- C:\Recovery [2010/10/06 17:29:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/10/06 17:19:04 | 000,000,000 | ---D | C] -- C:\NVIDIA [1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/10/28 22:30:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe [2010/10/28 22:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job [2010/10/28 22:00:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lfpk.sys [2010/10/28 21:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/10/28 21:50:55 | 2413,424,640 | -HS- | M] () -- C:\hiberfil.sys [2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/10/28 20:45:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2010/10/28 20:24:39 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/10/28 20:24:39 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/10/28 20:18:23 | 003,783,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job [2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job [2010/10/28 17:06:43 | 066,927,822 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/10/28 15:41:15 | 002,126,092 | ---- | M] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg [2010/10/28 14:56:16 | 010,857,464 | ---- | M] () -- C:\Users\Arron\Desktop\gmaker80.exe [2010/10/28 14:52:35 | 002,379,281 | ---- | M] () -- C:\Users\Arron\Desktop\ProjectPlatform.exe [2010/10/28 12:31:10 | 001,336,859 | ---- | M] () -- C:\Users\Arron\Desktop\Floor Plan.cdr [2010/10/28 04:22:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job [2010/10/26 12:22:53 | 000,000,901 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk [2010/10/26 12:22:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk [2010/10/25 20:42:56 | 006,638,686 | ---- | M] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3 [2010/10/25 12:26:55 | 000,165,186 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg [2010/10/24 21:30:21 | 000,156,054 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg [2010/10/24 21:30:13 | 000,192,354 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg [2010/10/23 19:58:58 | 001,330,444 | ---- | M] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr [2010/10/22 12:23:07 | 000,002,363 | ---- | M] () -- C:\Users\Arron\Desktop\Google Chrome.lnk [2010/10/20 22:34:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/10/19 13:33:04 | 000,079,015 | ---- | M] () -- C:\Windows\FontData.fdb [2010/10/14 14:57:41 | 000,540,855 | ---- | M] () -- C:\Users\Arron\nigol directory_new.cdr [2010/10/14 14:21:39 | 000,507,383 | ---- | M] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr [2010/10/13 13:20:19 | 000,000,441 | ---- | M] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk [2010/10/13 13:03:02 | 000,001,107 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2010/10/10 12:21:45 | 000,000,963 | ---- | M] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/10/10 12:21:45 | 000,000,927 | ---- | M] () -- C:\Users\Arron\Desktop\MagicDisc.lnk [2010/10/10 12:19:52 | 000,001,773 | ---- | M] () -- C:\Users\Arron\Desktop\MagicISO.lnk [2010/10/10 12:15:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/10/10 11:49:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/10/10 11:39:43 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll [2010/10/10 11:39:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2010/10/09 22:47:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010/10/09 22:47:54 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2010/10/09 22:03:22 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf [2010/10/09 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\AutoPlayDesign.INI [2010/10/09 19:00:27 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk [2010/10/09 17:27:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/10/09 17:20:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2010/10/09 17:19:31 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2010/10/09 17:18:20 | 000,000,969 | ---- | M] () -- C:\Users\Arron\Desktop\CCleaner.lnk [2010/10/09 17:15:39 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2010/10/09 16:55:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010/10/09 16:55:14 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/10/09 16:55:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/10/09 16:54:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010/10/09 16:54:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010/10/09 16:54:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010/10/09 16:46:04 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/09 16:27:35 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2010/10/09 15:03:43 | 000,001,145 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2010/10/09 13:27:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/10/09 11:19:27 | 000,001,411 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/05 22:32:20 | 000,000,000 | ---- | M] () -- C:\Users\Arron\Documents\VII marketing..doc [2010/10/05 22:04:36 | 000,650,147 | ---- | M] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg [2010/10/05 21:12:26 | 000,427,520 | ---- | M] () -- C:\Users\Arron\Documents\VII.doc [2010/10/05 15:40:23 | 000,160,256 | ---- | M] () -- C:\Users\Arron\Documents\rizal life and workss.doc [2010/10/05 13:16:59 | 001,939,971 | ---- | M] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr [2010/10/03 16:21:15 | 000,006,144 | ---- | M] () -- C:\Users\Arron\Documents\CD STICKER.zdp [2010/10/03 15:37:19 | 000,000,000 | -H-- | M] () -- C:\Users\Arron\Documents\Default.rdp [2010/10/02 18:16:04 | 411,890,837 | ---- | M] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe [1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/10/28 22:00:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lfpk.sys [2010/10/28 15:35:49 | 002,126,092 | ---- | C] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg [2010/10/28 14:56:16 | 010,857,464 | ---- | C] () -- C:\Users\Arron\Desktop\gmaker80.exe [2010/10/28 14:51:32 | 002,379,281 | ---- | C] () -- C:\Users\Arron\Desktop\ProjectPlatform.exe [2010/10/26 12:22:53 | 000,000,901 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk [2010/10/26 12:22:53 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk [2010/10/25 20:42:56 | 006,638,686 | ---- | C] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3 [2010/10/25 12:26:55 | 000,165,186 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg [2010/10/24 21:30:27 | 000,156,054 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg [2010/10/24 21:30:13 | 000,192,354 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg [2010/10/23 19:37:36 | 001,330,444 | ---- | C] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr [2010/10/23 19:23:40 | 001,336,859 | ---- | C] () -- C:\Users\Arron\Desktop\Floor Plan.cdr [2010/10/20 22:34:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010/10/19 13:33:00 | 000,079,015 | ---- | C] () -- C:\Windows\FontData.fdb [2010/10/14 14:57:40 | 000,507,383 | ---- | C] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr [2010/10/14 14:21:36 | 000,540,855 | ---- | C] () -- C:\Users\Arron\nigol directory_new.cdr [2010/10/13 13:20:19 | 000,000,441 | ---- | C] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk [2010/10/13 13:03:02 | 000,001,107 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2010/10/10 12:21:45 | 000,000,963 | ---- | C] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010/10/10 12:21:45 | 000,000,927 | ---- | C] () -- C:\Users\Arron\Desktop\MagicDisc.lnk [2010/10/10 12:19:52 | 000,001,773 | ---- | C] () -- C:\Users\Arron\Desktop\MagicISO.lnk [2010/10/10 12:15:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/10/10 11:49:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/10/09 22:47:56 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010/10/09 22:47:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2010/10/09 22:47:54 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2010/10/09 21:58:26 | 2413,424,640 | -HS- | C] () -- C:\hiberfil.sys [2010/10/09 19:13:50 | 000,002,363 | ---- | C] () -- C:\Users\Arron\Desktop\Google Chrome.lnk [2010/10/09 19:11:23 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job [2010/10/09 19:11:22 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job [2010/10/09 19:00:28 | 000,000,000 | ---- | C] () -- C:\Windows\AutoPlayDesign.INI [2010/10/09 19:00:27 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk [2010/10/09 18:30:59 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job [2010/10/09 18:28:40 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job [2010/10/09 17:27:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010/10/09 17:20:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2010/10/09 17:19:31 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2010/10/09 17:15:39 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2010/10/09 16:55:14 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010/10/09 16:54:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010/10/09 16:54:50 | 066,927,822 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/10/09 16:46:04 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/09 16:27:35 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2010/10/09 16:27:33 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2010/10/09 16:27:09 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico [2010/10/09 16:27:04 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico [2010/10/09 16:27:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll [2010/10/09 16:27:00 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst1cl3.smt [2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$BANATA 14 SI RIZAL SA LONDO111.docx [2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$apter 14 Rizal in London333.docx [2010/10/09 16:21:42 | 183,100,582 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_460_[400p][1853AD4C].avi [2010/10/09 16:21:35 | 183,483,930 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_459_[400p][b14FBE73].avi [2010/10/09 16:21:26 | 182,789,340 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_458_[400p][E62EFBB9].avi [2010/10/09 16:21:26 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00002.tif [2010/10/09 16:21:26 | 019,495,102 | ---- | C] () -- C:\Users\Arron\Documents\vlc-1.1.0-win32.exe [2010/10/09 16:21:26 | 003,127,521 | ---- | C] () -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz [2010/10/09 16:21:26 | 000,835,180 | ---- | C] () -- C:\Users\Arron\Documents\volleyball_logo.cdr [2010/10/09 16:21:26 | 000,427,520 | ---- | C] () -- C:\Users\Arron\Documents\VII.doc [2010/10/09 16:21:26 | 000,203,597 | ---- | C] () -- C:\Users\Arron\Documents\volleyball.cdr [2010/10/09 16:21:26 | 000,184,803 | ---- | C] () -- C:\Users\Arron\Documents\WH plans_rev 02 Model (2).pdf [2010/10/09 16:21:26 | 000,086,914 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-1.jpg [2010/10/09 16:21:26 | 000,048,865 | ---- | C] () -- C:\Users\Arron\Documents\wnaspi32.zip [2010/10/09 16:21:26 | 000,032,722 | ---- | C] () -- C:\Users\Arron\Documents\WILSON LUCE DIAZ.docx [2010/10/09 16:21:26 | 000,032,686 | ---- | C] () -- C:\Users\Arron\Documents\zlib1.zip [2010/10/09 16:21:26 | 000,007,762 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-2.html [2010/10/09 16:21:26 | 000,004,465 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-5.html [2010/10/09 16:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\VII marketing..doc [2010/10/09 16:21:25 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00001.tif [2010/10/09 16:21:25 | 006,222,567 | ---- | C] () -- C:\Users\Arron\Documents\ramadan.rar [2010/10/09 16:21:25 | 001,189,716 | ---- | C] () -- C:\Users\Arron\Documents\logo2.psd [2010/10/09 16:21:25 | 000,160,256 | ---- | C] () -- C:\Users\Arron\Documents\rizal life and workss.doc [2010/10/09 16:21:25 | 000,131,584 | ---- | C] () -- C:\Users\Arron\Documents\Nestor%20A[1].doc [2010/10/09 16:21:25 | 000,109,950 | ---- | C] () -- C:\Users\Arron\Documents\SHOE COMPANY.docx [2010/10/09 16:21:25 | 000,087,231 | ---- | C] () -- C:\Users\Arron\Documents\logo.psd [2010/10/09 16:21:25 | 000,064,007 | ---- | C] () -- C:\Users\Arron\Documents\Nastassia.JPG [2010/10/09 16:21:25 | 000,047,104 | ---- | C] () -- C:\Users\Arron\Documents\LPO_FORM.xls [2010/10/09 16:21:25 | 000,040,607 | ---- | C] () -- C:\Users\Arron\Documents\scan0001.jpg [2010/10/09 16:21:25 | 000,022,932 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets.docx [2010/10/09 16:21:25 | 000,022,500 | ---- | C] () -- C:\Users\Arron\Documents\logo.jpg [2010/10/09 16:21:25 | 000,017,900 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets with explanation.docx [2010/10/09 16:21:25 | 000,015,360 | ---- | C] () -- C:\Users\Arron\Documents\NewProject.isc [2010/10/09 16:21:25 | 000,011,763 | ---- | C] () -- C:\Users\Arron\Documents\Quotation Lists.xlsx [2010/10/09 16:21:25 | 000,009,186 | ---- | C] () -- C:\Users\Arron\Documents\Nigol.html [2010/10/09 16:21:25 | 000,004,443 | ---- | C] () -- C:\Users\Arron\Documents\Ramadan.html [2010/10/09 16:21:22 | 037,552,417 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask.7z [2010/10/09 16:21:21 | 033,554,432 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask (E) (M4) (V1.0) [!].z64 [2010/10/09 16:21:21 | 002,829,952 | ---- | C] () -- C:\Users\Arron\Documents\Joomla_1.0.15-Stable-Full_Package.zip [2010/10/09 16:21:21 | 000,100,933 | ---- | C] () -- C:\Users\Arron\Documents\ICD1.0.6.zip [2010/10/09 16:21:21 | 000,054,798 | ---- | C] () -- C:\Users\Arron\Documents\JOY.cdr [2010/10/09 16:21:21 | 000,016,226 | ---- | C] () -- C:\Users\Arron\Documents\KABANATA 14 SI RIZAL SA LONDO111.docx [2010/10/09 16:21:20 | 005,475,864 | ---- | C] () -- C:\Users\Arron\Documents\HSS-1.45-install-webroot-239-conduit2.exe [2010/10/09 16:21:03 | 411,890,837 | ---- | C] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe [2010/10/09 16:21:02 | 003,606,977 | ---- | C] () -- C:\Users\Arron\Documents\good sofas (MI CASA).zip [2010/10/09 16:21:02 | 000,029,786 | ---- | C] () -- C:\Users\Arron\Documents\GOVERNMENT OFFICES.docx [2010/10/09 16:21:02 | 000,029,520 | ---- | C] () -- C:\Users\Arron\Documents\Graphic2.cdr [2010/10/09 16:21:02 | 000,018,387 | ---- | C] () -- C:\Users\Arron\Documents\Graphic1.cdr [2010/10/09 16:21:02 | 000,000,615 | ---- | C] () -- C:\Users\Arron\Documents\heart1.gif [2010/10/09 16:21:01 | 000,650,147 | ---- | C] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg [2010/10/09 16:21:01 | 000,461,639 | ---- | C] () -- C:\Users\Arron\Documents\good dining sets ( MI CASA).zip [2010/10/09 16:21:01 | 000,319,488 | ---- | C] () -- C:\Users\Arron\Documents\FUF.accdb [2010/10/09 16:21:01 | 000,024,576 | ---- | C] () -- C:\Users\Arron\Documents\Curtain Dimensions.xls [2010/10/09 16:21:01 | 000,008,029 | ---- | C] () -- C:\Users\Arron\Documents\FadeToTranslucent.zip [2010/10/09 16:21:01 | 000,005,927 | ---- | C] () -- C:\Users\Arron\Documents\ExplodeEffect.zip [2010/10/09 16:21:01 | 000,002,716 | ---- | C] () -- C:\Users\Arron\Documents\configuration.php [2010/10/09 16:20:40 | 485,337,223 | ---- | C] () -- C:\Users\Arron\Documents\CLASSIC_01_p38-48.pdf [2010/10/09 16:20:40 | 000,019,112 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London.docx [2010/10/09 16:20:40 | 000,017,038 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London333.docx [2010/10/09 16:20:40 | 000,006,144 | ---- | C] () -- C:\Users\Arron\Documents\CD STICKER.zdp [2010/10/09 16:20:38 | 033,080,095 | ---- | C] () -- C:\Users\Arron\Documents\CATALOG P11-22.pdf [2010/10/09 16:20:38 | 000,804,746 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball_logo.cdr [2010/10/09 16:20:38 | 000,343,006 | ---- | C] () -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010.rar [2010/10/09 16:20:38 | 000,210,071 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball.cdr [2010/10/09 16:20:38 | 000,071,311 | ---- | C] () -- C:\Users\Arron\Documents\camfrog.zip [2010/10/09 16:20:38 | 000,052,121 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_JOY.cdr [2010/10/09 16:20:38 | 000,027,040 | ---- | C] () -- C:\Users\Arron\Documents\CALL CENTER.docx [2010/10/09 16:20:23 | 537,524,196 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_CLASSIC_01_p1-10.pdf [2010/10/09 16:20:23 | 003,598,486 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).psd [2010/10/09 16:20:23 | 000,188,928 | ---- | C] () -- C:\Users\Arron\Documents\arron javal cv.doc [2010/10/09 16:20:23 | 000,155,350 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).JPG [2010/10/09 16:20:23 | 000,132,352 | ---- | C] () -- C:\Users\Arron\Documents\123.jpg [2010/10/09 16:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\2.docx [2010/10/09 15:30:40 | 001,939,971 | ---- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr [2010/10/09 15:30:40 | 000,997,851 | R--- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT_FINAL_macro enabled.xlsm [2010/10/09 15:30:40 | 000,000,654 | ---- | C] () -- C:\Users\Arron\Desktop\Speccy.lnk [2010/10/09 15:30:39 | 001,716,879 | ---- | C] () -- C:\Users\Arron\Desktop\NIGOL CLASSIC LOGO.png [2010/10/09 15:30:39 | 000,361,829 | ---- | C] () -- C:\Users\Arron\Desktop\CUSTOMER PROTECTION POLICY.pdf [2010/10/09 15:30:39 | 000,001,663 | ---- | C] () -- C:\Users\Arron\Desktop\FileZilla Client.lnk [2010/10/09 15:30:39 | 000,000,969 | ---- | C] () -- C:\Users\Arron\Desktop\CCleaner.lnk [2010/10/09 15:30:32 | 000,001,390 | ---- | C] () -- C:\Users\Arron\MODERN FURNITURE.SED [2010/10/09 15:03:43 | 000,001,145 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2010/10/09 13:27:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/10/09 12:38:37 | 000,000,000 | -H-- | C] () -- C:\Users\Arron\Documents\Default.rdp [2010/10/09 11:19:27 | 000,001,411 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/09 11:07:49 | 000,000,290 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2010/10/09 11:07:49 | 000,000,272 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008/10/04 03:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll [2008/09/28 21:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll [2008/08/28 15:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll [2008/08/28 15:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll [2008/08/28 15:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll [2006/11/06 23:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll ========== LOP Check ========== [2010/10/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/10/13 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\FileZilla [2010/10/09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\IndigoRose [2010/10/20 22:34:37 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\TeamViewer [2010/10/28 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\uTorrent [2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job [2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job [2009/07/14 08:53:46 | 000,003,896 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
- October 28, 2010
- 21 replies
Windows must now restart because plug and play service terminated unexpectedly

akira_yuki13 posted a topic in Resolved Malware Removal Logs

Hi, this is my first time posting in this forums. I would just like to ask for help on removing this annoying virus. This is what happened, i was doing something in my computer, when "Windows must now restart because plug an play service terminated unexpectedly" pops up, and sometime "DCOM" something also pops up but not at the same time. When its not the "DCOM", its the "Plug and Play" thingy. so. i made a "shutdown -a" to postponed the reboot and try to scan it with MBAM and viola, str.sys is detected and it will be deleted after reboot yey. But after i reboot, same problem persist, same pop ups, and then i try rescanning again, str.sys was still in my PC. please help me, here is the HJT log together with the MBAM log. hoping gor your fast reply HJT log: ====================================================================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:44:45 PM, on 10/28/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\Arron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3GLYWUZ\HijackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts:
- October 28, 2010
- 21 replies

Sign In

akira_yuki13

Posts

Joined

Last visited

Reputation

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Windows must now restart because plug and play service terminated unexpectedly

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information