
I'm infected with Google Redirect virus, please help...



That's for another file, MBR.dat .

Please stop. You're just throwing posts at me at the moment.

I'll repost here what I want you to do.

There is no need to make a post for each step.

Please do the steps and I'm convinced you can fit them all in one post.

If not, then use more than one.

You have four hard disks connected to that computer.

C: <<<< ---- The drive that Vista Home is installed on.

G: <<<< ---- This drive indicates it has Windows XP installed on it (or has had)

E: and H: <<<< ---- Indicates there is unknown bootcode in mbr on each of them.

Is this a multiboot system?

C:\Users\user\Downloads\MBRCheck.exe
You didn't save that tool to your desktop as I asked you to.

You need to read the instructions carefully and follow them.

We are going to use that tool again and it needs to be on the desktop.

Please move it to the desktop.

Step 1.

Bootcheck:

Please download BootCheck.exe to your desktop.

  • Right click BootCheck.exe and choose Run as administrator to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply

Step 2.

MBR backup:

Open notepad and copy/paste the text in the codebox below into it:

REM Save the MBR of physical disks 0, 2, 3 and 4 to four .dat files beside this script
MBRCheck -s 0 -d MBRbckp0.dat
MBRCheck -s 2 -d MBRbckp2.dat
MBRCheck -s 3 -d MBRbckp3.dat
MBRCheck -s 4 -d MBRbckp4.dat
REM %0 is this batch file's own name, so the script deletes itself when finished
del %0

Save this as bmbr.bat

Choose to "Save type as - All Files"

Save it on your desktop.

It should look like this: bat_icon.gif

Right click on bmbr.bat and choose Run as administrator & allow it to run

Four files MBRbckp0.dat, MBRbckp2.dat, MBRbckp3.dat and MBRbckp4.dat will be created on your desktop.

Zip the files and attach that zipped file in a reply.

Step 3.

Filescans:

Please go to: VirusTotal

  • On the page you'll find a Browse - button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.

    C:\Users\user\Desktop\MBRbckp0.dat


  • Next, click the Open button.
  • Then click the Send File - button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Please repeat for the following files:

C:\Users\user\Desktop\MBRbckp2.dat

C:\Users\user\Desktop\MBRbckp3.dat

C:\Users\user\Desktop\MBRbckp4.dat

Step 4.

Things I would like to see in your reply:

  1. Answer to the question in the beginning of this post.
  2. The content of BootCheck.txt from step 1.
  3. The zip-file with the four .dat-files from step 2 attached.
  4. The links to the results for each of the four filescans in step 3.

I'll be back when all is posted.

Replies 71
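The .dat files requested in step 2 are raw 512-byte copies of the first sector of each disk, and the "unknown bootcode" remark earlier in the thread comes from comparing the bootstrap part of that sector against a list of known-good code. The script below is an added example for readers of this thread, not something the helper posted and not part of MBRCheck or any of the tools named here: it reads such a dump, checks the 0x55AA boot signature, lists the partition table, and hashes the 440 bytes of bootstrap code against an allow-list. The two sample MBRs and the allow-list are constructed for the example; a real allow-list would hold hashes taken from a verified-clean installation of the same Windows version.

```python
"""Inspect a raw 512-byte MBR dump (e.g. MBRbckp0.dat from the batch file in the
thread) the way a malware-removal helper would: verify the boot signature, list
partitions, and fingerprint the bootstrap code against an allow-list."""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTCODE_LEN = 440   # bytes 0..439 hold the bootstrap code that gets fingerprinted
DISK_SIG_OFF = 440   # 4-byte NT disk signature
PT_OFF = 446         # four 16-byte partition entries
BOOT_SIG_OFF = 510   # 0x55 0xAA marks a valid MBR

PARTITION_TYPES = {
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x83: "Linux",
    0xEE: "GPT protective",
}


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"unknown (0x{self.type_id:02X})")


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for i in range(4):
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, type_id, start_lba, count = struct.unpack_from(
            "<B3xB3xII", mbr, PT_OFF + 16 * i)
        if type_id == 0x00:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == 0x80, type_id, start_lba, count))
    return entries


def parse_mbr(mbr: bytes) -> dict:
    """Summarise a raw MBR dump; raises ValueError if the dump is not one sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte MBR dump, got {len(mbr)} bytes")
    return {
        "signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "partitions": parse_partition_table(mbr),
    }


def classify_bootcode(digest: str, known_good: set) -> str:
    """'known' if the bootstrap-code hash is on the allow-list, otherwise 'unknown'.
    This is the same idea as MBRCheck's "unknown bootcode" verdict, applied to a
    caller-supplied list instead of a vendor-maintained one."""
    return "known" if digest in known_good else "unknown"


# --- constructed sample data (not real disk contents) --------------------------
def build_mbr(bootcode: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from its parts; used only to build the samples."""
    assert len(bootcode) <= BOOTCODE_LEN
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (bootable, type_id, start_lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PT_OFF + 16 * i,
                         0x80 if bootable else 0x00, type_id, start_lba, count)
    buf[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(buf)


# Stand-in for a vendor's clean bootstrap code: a few x86 opcodes, then NOP padding.
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8" + b"\x90" * 20
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, 0x1234ABCD, [(True, 0x07, 2048, 312_000_000)])
# Same partition table, but the first instructions of the bootstrap code were replaced.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + CLEAN_BOOTCODE[2:], 0x1234ABCD,
                         [(True, 0x07, 2048, 312_000_000)])

# Placeholder allow-list: in practice, hashes of MBRs from a verified-clean install.
KNOWN_GOOD_BOOTCODE_SHA256 = {hashlib.sha256(CLEAN_MBR[:BOOTCODE_LEN]).hexdigest()}


def report(mbr: bytes, known_good: set = KNOWN_GOOD_BOOTCODE_SHA256) -> str:
    """Human-readable summary of one dump, suitable for pasting into a reply."""
    info = parse_mbr(mbr)
    lines = [
        f"boot signature 0x55AA: {'present' if info['signature_ok'] else 'MISSING'}",
        f"disk signature: 0x{info['disk_signature']:08X}",
        f"bootcode sha256: {info['bootcode_sha256']} "
        f"({classify_bootcode(info['bootcode_sha256'], known_good)})",
    ]
    for p in info["partitions"]:
        lines.append(f"  partition {p.index}: {p.type_name}, start LBA {p.start_lba}, "
                     f"{p.sector_count} sectors{' (active)' if p.bootable else ''}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python mbr_report.py MBRbckp0.dat
        with open(sys.argv[1], "rb") as f:
            print(report(f.read()))
    else:
        print(report(CLEAN_MBR))
        print()
        print(report(TAMPERED_MBR))
```

Run without arguments it prints the two constructed samples side by side; the tampered one keeps a perfectly valid signature and partition table, which is the point: only the bootstrap-code hash tells the two apart, so a "valid MBR" check alone says nothing about whether the code that runs before Windows has been replaced.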

When I click on the Bootfile exe on my desktop, it says 'unsupported file' in a black text box & doesn't do anything else.
Sorry about that, that tool doesn't work on Vista.

And you are still being redirected?

How is your computer connected to the Internet?

Through a router or directly?


I'm not being redirected every time, but it is still happening. The new pages are still very slow to load though.

I'm connected through a router.

Is there anything else I can do to get it working properly again?

I've restarted the computer in 'normal mode' but I still have the white taskbar at the bottom of the screen and the grey shading around the outside of the notepad pages.

Is that something I need to change on the actual system now?


I'm connected through a router.

Are there any more computers connected to the Internet through that router?

Are they getting redirected as well?

What is the brand and model of the router?

Is there anything else I can do to get it working properly again?
There is a possibility that the router is infected.
I've restarted the computer in 'normal mode' but I still have the white taskbar at the bottom of the screen and the grey shading around the outside of the notepad pages.

Is that something I need to change on the actual system now?

This is the odd thing.

Let's scan with some other tools.

Step 1.

OTL:

  • Download OTL to your desktop.
  • Right click on OTL.exe and choose Run as administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 2.

ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 3.

Things I would like to see in your reply:

  1. Answers to the questions in the beginning of this post.
  2. The content of OTL.txt and Extras.txt from step 1.
  3. The content of the log from EOS in step 2.


Are there any more computers connected to the Internet through that router? No

What is the brand and model of the router? Netgear for Sky Broadband

OTL Extras logfile created on: 12/05/2011 18:24:43 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 27.15 Gb Free Space | 18.22% Space Free | Partition Type: NTFS

Drive E: | 298.09 Gb Total Space | 117.18 Gb Free Space | 39.31% Space Free | Partition Type: NTFS

Drive G: | 1397.26 Gb Total Space | 1071.61 Gb Free Space | 76.69% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 902.55 Gb Free Space | 96.89% Space Free | Partition Type: NTFS

Computer Name: MUGGY | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2DC634B4-7AA7-488A-AC47-B07F179E2A55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{82348B08-5732-442C-AC97-2B168C510B1C}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |

"{90A87D2C-29CD-45A8-8537-FCB38379ADCA}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

"{B462E9AA-491A-44BB-A30D-71AF596553F4}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{E74801F7-E731-4CFF-AA5B-7D340CEEC35B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{006894C3-4795-4ED7-9B3C-642DF5C6A6D2}" = protocol=6 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe |

"{10B0CE40-1A99-4CA9-B717-80E92724D804}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1F4A50FA-FA80-4EF6-B8A5-0E9D4505FAB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{2CA0C1FB-E98E-43D4-82C8-6754EEFB72AE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{305207F6-F0A0-4EA1-AC46-AB4269AB3C82}" = protocol=17 | dir=in | app=c:\program files\broadband test application\broadbandtestapp.exe |

"{46E2C707-D8D8-4735-8940-DED30B891C95}" = dir=in | app=d:\setup\hpznui01.exe |

"{495AB09D-3640-42DE-9681-71B82F5F3C77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{651A523B-4EF0-490C-81D4-79B124C620D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{7544EAD2-4F89-46A4-AE15-3186CC0DD0F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{781C9C2D-A19D-4DBF-AB51-E823F5BCB630}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9D2C35AA-A515-4FA1-B663-1C411F5BBAC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A5E3BC05-EF42-4231-914E-04B97733F44D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BEE1F800-C1DF-403E-8DEC-43D6794ABA4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{BFBB5088-AC06-4EC9-B52C-DA3D087D0ACD}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{DF1F60BD-911C-4E56-8109-B12701676F71}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"TCP Query User{0775F036-054E-4146-81B9-041AD0A41269}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{43369BF7-D446-4292-8F46-A5483C479307}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{17F4D245-2BD8-43D4-A907-217917C3BF8C}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{D37A9E90-9ACF-4F80-B6E1-AE47759DCBB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{134EE273-0F1C-4A5B-817D-13111DB75B14}" = B109n-z

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 25

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8466940C-84D8-484C-B1E3-C2E4D73FD5DD}" = PS_AIO_06_B109n-z_SW_Min

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}" = Broadband Test Application

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ESET Online Scanner" = ESET Online Scanner v3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NIS" = Norton Internet Security

"NVIDIA Drivers" = NVIDIA Drivers

"Rapport_msi" = Rapport

"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.4 [32-Bit]

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 09/05/2011 15:45:06 | Computer Name = Muggy | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/05/2011 15:45:07 | Computer Name = Muggy | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".

Dependent

Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/05/2011 16:13:25 | Computer Name = Muggy | Source = Application Hang | ID = 1002

Description = The program PhotoDownloader.exe version 3.0.0.1448 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1664 Start Time: 01cc0e8488a5a77b Termination Time: 576

Error - 11/05/2011 11:35:54 | Computer Name = Muggy | Source = Perflib | ID = 1010

Description =

Error - 11/05/2011 11:57:58 | Computer Name = Muggy | Source = Application Hang | ID = 1002

Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: b70 Start Time: 01cc0fcfc6cac470 Termination Time: 173

Error - 11/05/2011 18:48:18 | Computer Name = Muggy | Source = Application Error | ID = 1000

Description = Faulting application _isB527.exe, version 12.0.0.58849, time stamp

0x45b1a378, faulting module _isB527.exe, version 12.0.0.58849, time stamp 0x45b1a378,

exception code 0xc0000005, fault offset 0x0001e7b9, process id 0x20e4, application

start time 0x01cc102d82d25950.

Error - 11/05/2011 18:54:32 | Computer Name = Muggy | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 11/05/2011 18:54:32 | Computer Name = Muggy | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 12/05/2011 13:23:39 | Computer Name = Muggy | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.22.3 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Problem Reports and Solutions control panel. Process

ID: 13c4 Start Time: 01cc10c7e92cd7cf Termination Time: 24

Error - 12/05/2011 13:44:36 | Computer Name = Muggy | Source = System Restore | ID = 8193

Description =

[ System Events ]

Error - 09/05/2011 15:37:36 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

Error - 09/05/2011 15:45:07 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

Error - 09/05/2011 15:55:19 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

Error - 11/05/2011 07:36:24 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

Error - 11/05/2011 07:36:55 | Computer Name = Muggy | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_SMR162\0000 disappeared from the system without

first being prepared for removal.

Error - 11/05/2011 08:19:39 | Computer Name = Muggy | Source = Service Control Manager | ID = 7011

Description =

Error - 11/05/2011 13:13:41 | Computer Name = Muggy | Source = Service Control Manager | ID = 7011

Description =

Error - 11/05/2011 18:54:13 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

Error - 11/05/2011 22:35:51 | Computer Name = Muggy | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.2 for the Network Card with network

address 0019D138C5AD has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

Error - 12/05/2011 09:19:53 | Computer Name = Muggy | Source = LSM | ID = 1048

Description =

< End of report >


OTL logfile created on: 12/05/2011 18:24:43 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\user\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 27.15 Gb Free Space | 18.22% Space Free | Partition Type: NTFS

Drive E: | 298.09 Gb Total Space | 117.18 Gb Free Space | 39.31% Space Free | Partition Type: NTFS

Drive G: | 1397.26 Gb Total Space | 1071.61 Gb Free Space | 76.69% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 902.55 Gb Free Space | 96.89% Space Free | Partition Type: NTFS

Computer Name: MUGGY | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/12 18:05:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe

PRC - [2011/05/12 13:22:35 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe

PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe

PRC - [2011/04/08 10:17:30 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/23 13:36:23 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe

PRC - [2008/01/19 08:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

PRC - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

========== Modules (SafeList) ==========

MOD - [2011/05/12 18:05:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe

MOD - [2011/04/29 16:59:06 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll

MOD - [2011/04/29 16:59:06 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll

MOD - [2011/04/29 01:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll

MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)

SRV - [2011/04/08 10:17:30 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2009/03/23 13:36:23 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)

SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)

========== Driver Services (SafeList) ==========

DRV - [2011/05/11 13:14:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011/05/11 13:14:04 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011/05/04 02:33:20 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110512.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2011/05/04 02:33:20 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110512.002\NAVENG.SYS -- (NAVENG)

DRV - [2011/05/02 13:00:32 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26169\RapportCerberus_26169.sys -- (RapportCerberus_26169)

DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)

DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2011/03/22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)

DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)

DRV - [2011/03/14 19:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110511.001\IDSvix86.sys -- (IDSVix86)

DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)

DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)

DRV - [2010/12/02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)

DRV - [2010/02/26 11:45:55 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2009/04/14 03:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)

DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)

DRV - [2008/01/19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7

FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/05/11 23:55:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/05/11 13:05:18 | 000,000,000 | ---D | M]

[2011/03/29 16:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions

[2011/03/29 16:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found

O4 - HKLM..\RunOnceEx: [Title] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab (Reg Error: Key error.)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/15 10:52:18 | 000,000,080 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{5315aa6d-48d5-11e0-a080-0019d138c5ad}\Shell\AutoRun\command - "" = H:\Setup.exe -- [2009/01/16 08:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - ff_vfw.dll File not found

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2011/05/12 18:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/05/12 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2011/05/11 23:42:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/05/11 13:09:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys

[2011/05/11 13:09:11 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys

[2011/05/11 13:09:11 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys

[2011/05/11 13:09:10 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys

[2011/05/11 13:09:05 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys

[2011/05/11 13:09:03 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys

[2011/05/11 13:09:03 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\ironx86.sys

[2011/05/11 13:05:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1206000.01D

[2011/05/10 06:41:09 | 000,000,000 | ---D | C] -- C:\NBRT

[2011/05/09 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2011/05/09 21:04:19 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Norton

[2011/05/09 20:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/05/09 20:26:56 | 000,100,736 | ---- | C] (GMER) -- C:\fxldypod.sys

[2011/05/09 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics

[2011/05/09 16:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/05/09 16:21:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DriverCure

[2011/05/09 16:21:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ParetoLogic

[2011/05/09 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

[2011/05/09 16:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2011/05/09 16:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2011/05/09 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\My Council Tax Bills

[2011/05/07 17:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe

[2011/05/06 13:54:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/05/06 12:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/05/06 12:34:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashDumps

[2011/05/05 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\HpUpdate

[2011/05/04 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NPE

[2011/05/03 23:20:43 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011/05/03 23:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2011/05/03 23:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2011/05/03 23:19:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS

[2011/05/03 23:19:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2011/05/03 23:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2011/05/03 23:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011/05/03 23:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011/05/03 23:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2011/05/02 13:43:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG

[2011/05/02 11:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BA554000-D974-4295-8A8D-A8A8569D9619}

[2011/05/01 00:02:50 | 000,028,672 | ---- | C] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe

[2011/04/30 14:30:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Player Classic

[2011/04/30 14:28:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Essentials Codec Pack

[2011/04/30 14:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack

[2011/04/29 20:35:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2011/04/29 17:04:20 | 000,000,000 | ---D | C] -- C:\Windows\en

[2011/04/29 16:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2011/04/29 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2011/04/29 04:33:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinBatch

[2011/04/29 03:51:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2011/04/28 01:38:00 | 000,000,000 | ---D | C] -- C:\CardRecovery

[2011/04/25 21:30:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Trusteer

[2011/04/25 16:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2011/04/19 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CrashRpt

[2011/04/19 21:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Epitiro

[2011/04/19 21:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Broadband Test Application

[2011/04/19 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/04/18 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\CardRecovery

[2011/04/18 20:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery

[2011/04/18 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\CardRecovery

[2011/04/18 14:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2011/04/18 09:41:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2011/04/17 22:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2011/04/17 22:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations

[2011/04/16 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\asoftech

[2011/04/08 10:17:38 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/04/05 01:05:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live

[2011/04/05 01:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2011/04/04 03:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2011/04/03 00:19:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2011/04/02 23:25:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2011/03/29 16:10:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla

[2011/03/28 22:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software

[2011/03/28 22:25:26 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD94E.dll

[2011/03/28 22:25:20 | 000,114,600 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys

[2011/03/28 22:25:20 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys

[2011/03/28 22:25:20 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys

[2011/03/28 22:25:20 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys

[2011/03/28 22:25:20 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys

[2011/03/28 22:25:20 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys

[2011/03/28 22:25:20 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys

[2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys

[2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys

[2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys

[2011/03/28 22:25:20 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cm.sys

[2011/03/28 22:25:20 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys

[2011/03/28 22:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/03/15 04:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2011/03/14 23:12:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/03/13 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leadertech

[2011/03/09 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple

[2011/03/07 20:36:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple Computer

[2011/03/07 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe

[2011/03/07 01:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011/03/06 22:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/03/06 22:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/06 22:50:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/03/06 22:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/02/18 01:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2011/02/18 01:56:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVS4YOU

[2011/02/18 01:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia

[2011/02/13 13:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

========== Files - Modified Within 90 Days ==========

[2011/05/12 18:27:14 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000UA.job

[2011/05/12 18:19:20 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/12 18:19:19 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/12 18:18:44 | 000,000,607 | ---- | M] () -- C:\Users\user\Desktop\esetsmartinstaller_enu - Shortcut.lnk

[2011/05/12 18:12:57 | 000,000,506 | ---- | M] () -- C:\Users\user\Desktop\OTL - Shortcut.lnk

[2011/05/12 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/05/12 14:20:04 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\IsposureAgent.job

[2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Owjuyj.job

[2011/05/12 14:19:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/12 13:27:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000Core.job

[2011/05/12 06:50:20 | 002,107,882 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB

[2011/05/11 23:54:08 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2011/05/11 23:44:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/05/11 23:42:50 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/05/11 18:44:35 | 000,002,696 | ---- | M] () -- C:\{38CD17DF-A927-446C-880C-5B49FE2C7F81}

[2011/05/11 15:12:53 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable

[2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011/05/11 13:09:23 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011/05/11 13:09:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011/05/09 21:10:38 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/09 21:10:37 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/09 20:32:46 | 355,680,041 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/05/09 20:26:56 | 000,100,736 | ---- | M] (GMER) -- C:\fxldypod.sys

[2011/05/07 17:11:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/05/07 17:11:29 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt

[2011/05/07 17:11:29 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat

[2011/05/07 15:59:30 | 000,018,432 | ---- | M] () -- C:\Users\user\Documents\NATIVE AMERICAN INDIAN WEDDING BLESSING.wps

[2011/05/07 15:59:30 | 000,002,250 | ---- | M] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2011/05/06 13:54:20 | 000,002,037 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2011/05/06 13:54:20 | 000,001,999 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/06 12:51:04 | 000,000,903 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/04 22:25:21 | 000,103,424 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/01 00:04:37 | 000,000,084 | ---- | M] () -- C:\Windows\WSST_Screen_Saver.ini

[2011/05/01 00:04:15 | 002,909,820 | ---- | M] () -- C:\Windows\Blue Planet The Deep.dat

[2011/05/01 00:04:15 | 000,466,944 | ---- | M] () -- C:\Windows\Blue Planet The Deep.scr

[2011/05/01 00:04:15 | 000,180,224 | ---- | M] () -- C:\Windows\UninstallWSST.exe

[2011/05/01 00:04:15 | 000,028,672 | ---- | M] (Auralis, Inc.) -- C:\Windows\System32\ssconfig.exe

[2011/05/01 00:02:50 | 002,181,486 | ---- | M] () -- C:\Windows\Blue Planet.dat

[2011/05/01 00:02:50 | 000,466,944 | ---- | M] () -- C:\Windows\Blue Planet.scr

[2011/04/29 20:34:51 | 000,274,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/04/29 16:49:23 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011/04/29 16:49:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011/04/29 16:48:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011/04/29 04:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini

[2011/04/19 21:02:13 | 000,000,296 | ---- | M] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini

[2011/04/18 21:43:48 | 000,000,511 | ---- | M] () -- C:\Users\Public\Desktop\CardRecovery.lnk

[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/04/05 02:29:26 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat

[2011/04/05 02:25:18 | 000,007,454 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat

[2011/04/05 02:25:18 | 000,007,450 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat

[2011/04/04 03:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/04/04 03:26:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/03/31 04:04:12 | 000,007,877 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat

[2011/03/31 04:04:12 | 000,007,458 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat

[2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.sys

[2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.sys

[2011/03/31 04:00:09 | 000,001,389 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf

[2011/03/31 04:00:09 | 000,001,383 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf

[2011/03/28 22:25:26 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeD94E.dll

[2011/03/28 18:57:30 | 000,001,854 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/03/28 18:36:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2011/03/22 19:20:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2011/03/22 01:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symtdiv.sys

[2011/03/22 01:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symnets.sys

[2011/03/22 01:39:48 | 000,001,474 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.inf

[2011/03/22 01:39:48 | 000,001,446 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf

[2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys

[2011/03/15 03:31:23 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf

[2011/03/13 18:31:45 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll

[2011/03/13 18:31:37 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll

[2011/03/06 22:10:38 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat

[2011/03/06 19:14:59 | 000,069,632 | RHS- | M] () -- C:\Windows\System32\wisptiso.dll

[2011/02/23 16:20:54 | 000,002,048 | ---- | M] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs

========== Files Created - No Company Name ==========

[2011/05/12 18:18:44 | 000,000,607 | ---- | C] () -- C:\Users\user\Desktop\esetsmartinstaller_enu - Shortcut.lnk

[2011/05/12 18:12:57 | 000,000,506 | ---- | C] () -- C:\Users\user\Desktop\OTL - Shortcut.lnk

[2011/05/11 23:50:23 | 002,107,882 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB

[2011/05/11 18:44:35 | 000,002,696 | ---- | C] () -- C:\{38CD17DF-A927-446C-880C-5B49FE2C7F81}

[2011/05/11 15:12:53 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable

[2011/05/11 13:09:11 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.cat

[2011/05/11 13:09:11 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.cat

[2011/05/11 13:09:11 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.cat

[2011/05/11 13:09:11 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.inf

[2011/05/11 13:09:11 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnetv.inf

[2011/05/11 13:09:11 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symnet.inf

[2011/05/11 13:09:10 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.inf

[2011/05/11 13:09:05 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.cat

[2011/05/11 13:09:05 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtspx.inf

[2011/05/11 13:09:03 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.cat

[2011/05/11 13:09:03 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.cat

[2011/05/11 13:09:03 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\srtsp.inf

[2011/05/11 13:09:03 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\iron.inf

[2011/05/11 13:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.cat

[2011/05/11 13:05:18 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini

[2011/05/09 20:32:46 | 355,680,041 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/05/07 17:11:29 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat

[2011/05/07 15:59:30 | 000,018,432 | ---- | C] () -- C:\Users\user\Documents\NATIVE AMERICAN INDIAN WEDDING BLESSING.wps

[2011/05/06 13:54:20 | 000,002,037 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk

[2011/05/06 13:54:20 | 000,001,999 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/05/06 13:52:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000UA.job

[2011/05/06 13:52:44 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1022990765-3215805050-1820995926-1000Core.job

[2011/05/03 23:55:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/05/03 23:20:43 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011/05/03 23:20:43 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011/05/03 23:20:32 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2011/05/01 00:04:15 | 002,909,820 | ---- | C] () -- C:\Windows\Blue Planet The Deep.dat

[2011/05/01 00:04:15 | 000,466,944 | ---- | C] () -- C:\Windows\Blue Planet The Deep.scr

[2011/05/01 00:02:51 | 000,000,084 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini

[2011/05/01 00:02:50 | 002,181,486 | ---- | C] () -- C:\Windows\Blue Planet.dat

[2011/05/01 00:02:50 | 000,466,944 | ---- | C] () -- C:\Windows\Blue Planet.scr

[2011/05/01 00:02:50 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe

[2011/04/29 20:37:18 | 000,000,909 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/04/29 17:02:47 | 000,001,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2011/04/29 16:48:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011/04/19 21:02:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\IsposureAgent.job

[2011/04/19 21:01:56 | 000,000,296 | ---- | C] () -- C:\Windows\{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}_WiseFW.ini

[2011/04/18 20:54:07 | 000,000,511 | ---- | C] () -- C:\Users\Public\Desktop\CardRecovery.lnk

[2011/04/17 22:21:07 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/04/04 03:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/04/04 03:26:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/03/28 18:57:30 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

[2011/03/28 18:57:30 | 000,001,854 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/03/28 18:36:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2011/03/22 19:20:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2011/03/14 23:24:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/03/14 23:24:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex

[2011/03/14 23:11:01 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/03/14 23:11:01 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011/03/14 23:11:01 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011/03/14 16:13:30 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd

[2011/03/14 16:13:27 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man

[2011/03/14 16:13:20 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf

[2011/03/14 16:13:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/03/14 16:13:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/03/14 16:13:15 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf

[2011/03/14 16:13:11 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf

[2011/03/14 16:12:54 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF

[2011/03/14 16:12:52 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs

[2011/03/14 16:12:05 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml

[2011/03/14 16:11:54 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml

[2011/03/06 19:14:59 | 000,069,632 | RHS- | C] () -- C:\Windows\System32\wisptiso.dll

[2011/03/06 19:14:59 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Owjuyj.job

[2011/03/06 13:12:55 | 000,202,053 | ---- | C] () -- C:\Windows\hpoins39.dat.temp

[2011/03/06 13:12:55 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp

[2010/12/08 02:09:15 | 000,002,048 | ---- | C] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs

[2010/12/08 02:09:15 | 000,002,048 | ---- | C] () -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator Prefs (2)

[2010/11/17 22:16:00 | 000,202,053 | ---- | C] () -- C:\Windows\hpoins39.dat

[2010/11/17 22:16:00 | 000,000,703 | ---- | C] () -- C:\Windows\hpomdl39.dat

[2010/02/21 04:11:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/03/23 13:36:24 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe

[2009/01/21 01:13:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/01/06 02:10:36 | 000,029,982 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png

[2009/01/06 02:10:36 | 000,029,982 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile (2).png

[2009/01/06 01:01:02 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat

[2009/01/06 01:01:02 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps (2).dat

[2008/11/19 21:44:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008/10/09 21:18:28 | 000,002,250 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

[2008/10/09 21:18:28 | 000,002,104 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst (2).dat

[2008/10/04 23:12:51 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys

[2008/10/02 18:19:07 | 000,000,386 | ---- | C] () -- C:\Windows\AvDetected.ini

[2008/10/02 00:35:23 | 000,103,424 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/01 12:05:32 | 000,066,752 | ---- | C] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1 (2).DAT

[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:44:53 | 000,274,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/12/08 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator

[2011/03/06 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon

[2011/04/16 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\asoftech

[2011/05/02 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG

[2010/02/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/02/27 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/05/09 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure

[2011/03/06 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFileViewer

[2011/03/13 23:09:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2011/05/09 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic

[2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic

[2011/03/06 20:17:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2009/01/23 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TomTom

[2010/02/05 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Trusteer

[2011/04/29 04:33:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch

[2011/05/12 14:20:04 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\IsposureAgent.job

[2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\Owjuyj.job

[2011/05/12 18:00:01 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2011/05/12 14:15:29 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

[2011/05/04 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe

[2010/12/08 02:07:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\All Say Cheese Photobook Creator

[2011/03/06 22:12:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon

[2010/02/19 12:33:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer

[2011/04/16 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\asoftech

[2011/05/02 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG

[2011/02/18 01:59:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVS4YOU

[2010/02/18 17:45:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/02/27 15:42:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/05/09 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure

[2011/03/06 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeFileViewer

[2008/11/27 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Google

[2010/05/19 17:58:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP

[2011/05/05 22:29:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HpUpdate

[2008/10/01 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities

[2009/08/08 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Kodak

[2011/03/13 23:09:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech

[2008/10/01 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia

[2008/10/02 22:26:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes

[2011/04/30 14:30:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Player Classic

[2011/05/04 17:58:37 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft

[2011/03/29 16:10:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla

[2011/05/09 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic

[2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic

[2011/04/25 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Corporation

[2011/03/06 20:17:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template

[2009/01/23 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TomTom

[2010/02/05 18:27:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Trusteer

[2011/04/29 04:33:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinBatch

[2010/05/19 00:49:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >

[2010/01/23 22:04:42 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

[2011/02/04 00:17:50 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

[2011/04/29 15:22:03 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe

[2011/03/29 16:12:33 | 020,391,528 | ---- | M] (TomTom International B.V.) -- C:\Users\user\AppData\Roaming\TomTom\HOME\Profiles\6wsc6f9x.default\Updates\v2_8_1_2218_win.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys

[2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys

[2006/11/22 15:55:53 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

[2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008/10/02 10:50:07 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >

[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >

[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys

[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys

[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys

[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >

[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

[2009/04/11 07:28:17 | 001,730,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\apds.dll

[2011/03/06 19:14:59 | 000,069,632 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\wisptiso.dll

< %systemroot%\Tasks\*.job /lockedfiles >

[2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Owjuyj.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2011/02/22 14:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys

[2011/02/22 14:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys

[2011/02/22 14:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2011/02/22 14:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys

[2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/02/18 15:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2011/02/18 15:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2011/02/18 15:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

[2011/05/11 13:09:23 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011/02/18 16:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

The ESET online scanner is still scanning, it has found "a variant of Java/Trojan downloader.OpenConnection.MU trojan"


Let's try and fix this now.

It looks as you've had other tools installed on that computer.

[2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic

[2011/05/02 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG

Something I should point out, regarding Registry Mechanic, CCleaner, Glary Utilities, TuneUp Utilities and similar products:

It's not recommended to use registry cleaners. These often cause more problems than they fix. One of my colleagues, miekiemoes, has an excellent writeup here.

Another excellent article by Bill Castner is located here.

As for AVG products, you can use AVG Remover to completely remove them.

If that fails, you can use AppRemover.

Is H: a removable external drive?

C:\Users\user\Downloads\OTL.exe

You didn't save OTL.exe on your desktop. Why?

Now you have to keep track of where you put the tools, so you remember where they are when they should be removed.

Step 1.

OTL-fix:

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Owjuyj.job
    :Files
    ipconfig /flushdns /c
    type H:\autorun.inf /c
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog

Step 2.

Scan a file:

Please go to: VirusTotal

  • On the page you'll find a Browse - button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.
    H:\Setup.exe


  • Next, click the Open button.
  • Then click the Send File - button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Step 3.

MsConfig settings:

  • Click Start and type msconfig in the Start Search box and hit enter. The msconfig-window will open
  • Select the General tab and select Normal Startup.
  • Then click Apply and OK and reboot PC before continuing.

Step 4.

The Desktop settings:

Please go here and change the settings from Classic Start menu to Start menu.

Step 5.

OTL-scan:

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option File Scans set the File Age to 30 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in
    msconfig
    %APPDATA%\*.
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 6.

Things I would like to see in your reply:

  1. Answer to the question in the beginning of this post.
  2. The content of the fixlog from OTL in step 1 pasted.
  3. The link to the results of the filescan in step 2.
  4. The content of OTL.txt from step 5 pasted.
  5. Information on how your computer is running now.
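The fix and scan steps above act on three things visible in the posted log: the hidden, locked Owjuyj.job task, the hidden wisptiso.dll that OTL could not hash, and the "< MD5 for: ... >" groups that list the live driver next to the pristine copies Windows keeps in DriverStore and winsxs. The triage script below is an added example, not code from this thread, from OTL or from its author: it parses that OTL line format and applies those same checks. The sample block is a constructed excerpt of the log above, plus one invented nvraid.sys line with a fake hash so that the MD5 cross-check has something to flag.

```python
"""Triage checks for OTL log lines (added example; not code from the thread,
OTL or its author). Line formats are those of the log posted above; the sample
is a constructed excerpt plus one invented nvraid.sys line with a fake hash."""
import re
from collections import defaultdict

# [date time | size | attrs | M/C] (company) [MD5=... | Unable to obtain MD5] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] (?P<rest>.*?) ?-- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
COMPANY_RE = re.compile(r"^\(([^)]*)\)")
MD5_RE = re.compile(r"MD5=([0-9A-F]{32})")
STORE_DIRS = ("\\driverstore\\", "\\winsxs\\")  # where Windows keeps pristine copies


def parse_entry(line):
    """Return a dict for one OTL file/directory line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest, attrs, path = m.group("rest"), m.group("attrs"), m.group("path")
    company, md5 = COMPANY_RE.match(rest), MD5_RE.search(rest)
    return {
        "path": path,
        "name": path.rsplit("\\", 1)[-1].lower(),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in attrs,
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "company": (company.group(1) or None) if company else None,
        "md5": md5.group(1) if md5 else None,
        "locked": "Unable to obtain MD5" in rest,
    }


def hidden_system_files(lines):
    """Files (not directories) marked both Hidden and System. Ordinary
    programs rarely need both, so each hit deserves the VirusTotal step."""
    entries = [parse_entry(l) for l in lines]
    return [e["path"] for e in entries
            if e and not e["is_dir"] and e["hidden"] and e["system"]]


def alternate_data_streams(lines):
    """(path, size) for every ADS line; a stream attached to a folder such as
    C:\\ProgramData\\TEMP holds data that a normal directory listing never shows."""
    matches = [ADS_RE.match(l.strip()) for l in lines]
    return [(m.group("path"), int(m.group("bytes"))) for m in matches if m]


def _in_store(entry):
    return any(d in entry["path"].lower() for d in STORE_DIRS)


def live_driver_mismatches(lines):
    """Compare the copy of each driver actually loaded from System32 against
    the DriverStore/winsxs copies in the same '< MD5 for: ... >' group. A live
    file whose hash matches none of the stored copies has been altered on
    disk, which is how redirect rootkits hide inside a legitimate driver."""
    by_name = defaultdict(list)
    for e in filter(None, map(parse_entry, lines)):
        if e["md5"]:
            by_name[e["name"]].append(e)
    flagged = []
    for entries in by_name.values():
        stored = {e["md5"] for e in entries if _in_store(e)}
        flagged += [e["path"] for e in entries
                    if stored and not _in_store(e) and e["md5"] not in stored]
    return flagged


# Constructed excerpt of the posted log; the last nvraid.sys line is invented.
SAMPLE_LOG = r"""
[2011/02/22 14:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2011/03/06 20:17:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011/03/06 19:14:59 | 000,069,632 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\wisptiso.dll
[2011/05/12 14:20:03 | 000,000,306 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Owjuyj.job
[2006/11/02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: NVRAID.SYS >
[2008/01/19 08:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
[2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\nvraid.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    print("hidden+system files:", hidden_system_files(SAMPLE_LINES))
    print("alternate data streams:", alternate_data_streams(SAMPLE_LINES))
    print("live drivers matching no stored copy:", live_driver_mismatches(SAMPLE_LINES))
```

Feeding it the full OTL.txt instead of the sample lists the same candidates the helper picked out, and the driver check stays quiet on this log because every live driver's hash reappears in DriverStore.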


Ok, I'll have to wait until the ESET has stopped scanning. It's been going for 18 hours now & the blue bar isn't even halfway across.
Has it detected anything?

When it's done post the log and then continue with the steps in my previous post.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

