New Virus on the Net?
AlmightyDeath
2011-01-10, 01:40
Hey Guy,
My wife's laptop started acting strangely this evening; all web browsers started to open random pages when running, and a popup appeared in the bottom right corner over the clock saying there was a threat detected and to run a scan (it looked a bit like AVG but had the wrong logo, etc...)
I have run a few scans; avg v9, spybot search & destroy, mbam, hijackthis, and used security task manager to keep an eye on some odd looking processes.
One process in particular, named something like 'hjhjhhss.exe', had a very high threat rating, which I ended.
I just had my dad on the phone with the same problems with his PC, so I told him to turn it off and leave it alone until I know how to fix it for him, as he won't be able to do it himself.
Would appreciate any help at this point to try and narrow down and get the little bugger, and I can't seem to get rid of it at the moment.
DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Gemma at 23:11:36.18 on 09/01/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3573.1873 [GMT 0:00]
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gemma\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8074
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\gemma\appdata\roaming\mozilla\firefox\profiles\9egm0rk2.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-12 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-12 243024]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-14 73728]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-9 1153368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-25 112128]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-8 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
=============== Created Last 30 ================
2011-01-09 22:30:44 -------- d-----w- c:\windows\pss
2011-01-09 21:28:51 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-09 21:28:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-09 19:22:45 -------- d-----w- c:\progra~2\SecTaskMan
2011-01-09 19:20:30 -------- d-----w- c:\users\gemma\appdata\roaming\Malwarebytes
2011-01-09 19:20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 19:20:18 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-09 19:20:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-09 19:20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 10:37:14 -------- d-----w- c:\users\gemma\appdata\roaming\Local
2010-12-24 10:36:32 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-12-20 13:58:50 -------- d-----w- c:\users\gemma\appdata\roaming\gogii
2010-12-20 13:52:56 -------- d-----w- c:\program files\Fiction Fixers - The Curse of OZ
2010-12-20 13:49:38 -------- d-----w- c:\program files\Fiction Fixers - Adventures in Wonderland
2010-12-20 13:47:38 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-20 13:44:19 -------- d-----w- c:\program files\Haunted Legends - The Queen of Spades Collector's Edition
2010-12-16 22:20:02 -------- d--h--w- C:\$AVG
==================== Find3M ====================
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
============= FINISH: 23:12:11.33 ===============
attach.txt in zip:
6626
Thanks
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
You're being hijacked
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
AlmightyDeath
2011-01-13, 00:47
OTL logfile created on: 12/01/2011 22:43:06 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Gemma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 161.58 Gb Free Space | 54.21% Space Free | Partition Type: NTFS
Computer Name: WOODENHORSE | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gemma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\Gemma\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (VNUSB) -- C:\Windows\System32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/26 09:55:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/24 10:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/24 10:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 10:01:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 10:01:47 | 000,000,000 | ---D | M]
[2008/10/17 15:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Extensions
[2011/01/12 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\extensions
[2010/09/11 15:54:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/17 16:08:39 | 000,000,523 | ---- | M] () -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\searchplugins\daemon-search.xml
[2011/01/12 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 13:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/09 22:36:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/26 09:55:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/12/24 10:37:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/24 10:37:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/01/09 22:13:30 | 000,428,538 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14757 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/12 22:41:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gemma\Desktop\OTL.exe
[2011/01/09 22:36:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/09 22:36:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/09 22:36:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/09 22:30:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/09 21:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/09 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/09 21:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/09 19:25:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Gemma\Desktop\HijackThis.exe
[2011/01/09 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/01/09 19:21:41 | 000,000,000 | ---D | C] -- C:\Users\Gemma\Desktop\sec_man
[2011/01/09 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Malwarebytes
[2011/01/09 19:20:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/09 19:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/09 19:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/09 19:20:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/09 19:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/09 19:19:19 | 000,000,000 | ---D | C] -- C:\Users\Gemma\Desktop\s_snd
[2010/12/24 10:37:14 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Local
[2010/12/24 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\DivX
[2010/12/24 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/12/20 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\gogii
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - The Curse of OZ
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - The Curse of OZ
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fiction Fixers - The Curse of OZ
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twisted - A Haunted Carol
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twisted - A Haunted Carol
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Twisted - A Haunted Carol
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/16 22:20:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/01/12 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gemma\Desktop\OTL.exe
[2011/01/12 21:45:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 21:45:18 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 18:11:03 | 070,072,782 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/01/12 10:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 09:51:34 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/12 09:51:34 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/12 09:45:16 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 23:36:44 | 000,003,437 | ---- | M] () -- C:\Users\Gemma\Desktop\Attach.zip
[2011/01/09 23:11:27 | 000,624,128 | ---- | M] () -- C:\Users\Gemma\Desktop\dds.scr
[2011/01/09 22:13:30 | 000,428,538 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/09 21:29:02 | 000,001,055 | ---- | M] () -- C:\Users\Gemma\Desktop\Spybot - Search & Destroy.lnk
[2011/01/09 19:20:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/09 18:15:33 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Gemma\Desktop\HijackThis.exe
[2010/12/25 16:21:55 | 000,029,184 | ---- | M] () -- C:\Users\Gemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/24 10:37:14 | 000,001,435 | ---- | M] () -- C:\Users\Gemma\Desktop\DivX Movies.lnk
[2010/12/24 10:36:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/24 10:36:29 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 13:53:50 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Play Fiction Fixers - The Curse of OZ.lnk
[2010/12/20 13:53:50 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/20 13:50:22 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Play Fiction Fixers - Adventures in Wonderland.lnk
[2010/12/20 13:48:29 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Play Twisted - A Haunted Carol.lnk
[2010/12/20 13:45:08 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Play Haunted Legends - The Queen of Spades Collector's Edition.lnk
[2010/12/16 22:26:20 | 368,197,632 | ---- | M] () -- C:\Users\Gemma\Desktop\Mickey's Christmas Carol.avi
[2010/12/16 22:22:55 | 000,173,679 | ---- | M] () -- C:\Users\Gemma\Desktop\Dandelion.jpg
[2010/12/16 22:22:40 | 000,028,535 | ---- | M] () -- C:\Users\Gemma\Desktop\Brian froud toadstool.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/01/09 23:36:44 | 000,003,437 | ---- | C] () -- C:\Users\Gemma\Desktop\Attach.zip
[2011/01/09 23:11:26 | 000,624,128 | ---- | C] () -- C:\Users\Gemma\Desktop\dds.scr
[2011/01/09 21:29:02 | 000,001,055 | ---- | C] () -- C:\Users\Gemma\Desktop\Spybot - Search & Destroy.lnk
[2011/01/09 19:20:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/24 10:36:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/24 10:36:29 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/12/20 13:53:50 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Play Fiction Fixers - The Curse of OZ.lnk
[2010/12/20 13:53:50 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/20 13:50:22 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Play Fiction Fixers - Adventures in Wonderland.lnk
[2010/12/20 13:48:29 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Play Twisted - A Haunted Carol.lnk
[2010/12/20 13:45:08 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Play Haunted Legends - The Queen of Spades Collector's Edition.lnk
[2010/12/16 22:22:54 | 000,173,679 | ---- | C] () -- C:\Users\Gemma\Desktop\Dandelion.jpg
[2010/12/16 22:22:40 | 000,028,535 | ---- | C] () -- C:\Users\Gemma\Desktop\Brian froud toadstool.jpg
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/03 11:22:58 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/06/03 11:22:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2008/10/19 11:09:59 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/10/17 16:12:43 | 000,029,184 | ---- | C] () -- C:\Users\Gemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 16:05:43 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/10/17 16:05:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/10/17 16:05:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/10/14 13:26:25 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/14 13:24:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/14 13:15:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/10/14 13:15:18 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/10/14 13:15:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/10/14 13:15:18 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/14 13:15:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/14 12:54:22 | 000,000,680 | ---- | C] () -- C:\Users\Gemma\AppData\Local\d3d9caps.dat
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2010/03/27 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\2monkeys
[2010/04/02 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\AzuazGames
[2010/04/26 16:57:02 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Big Fish Games
[2010/04/23 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Boomzap
[2009/10/03 17:53:54 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Cat's Eye Games
[2009/03/10 16:52:29 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\cerasus.media
[2009/03/21 18:54:53 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\ChaosTrend
[2008/10/17 16:05:37 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\DAEMON Tools
[2010/04/04 11:53:09 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/11/26 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\EleFun Games
[2010/10/31 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Elephant Games
[2010/10/31 12:50:20 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\ERS G-Studio
[2010/10/31 11:20:04 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\ERS Game Studios
[2010/04/04 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Frogwares
[2010/12/20 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\gogii
[2010/02/03 16:55:17 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\GTM_Bodie
[2009/10/18 16:30:20 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\HdO Adventure
[2010/04/09 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\LegacyInteractive
[2009/10/03 14:30:20 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Little Games Company
[2010/12/24 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Local
[2009/04/30 16:06:42 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Lost in the City
[2010/04/26 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Ludia
[2010/03/30 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\MemoryClinic
[2010/03/27 15:09:32 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Merscom
[2010/02/02 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\PlayFirst
[2010/11/01 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\PlayPond
[2009/05/04 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Playrix Entertainment
[2010/04/25 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\QB9
[2010/05/08 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Scholastic
[2011/01/12 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Spotify
[2009/08/30 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\SprillRichiEng
[2008/11/30 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Subversion
[2008/10/14 13:28:44 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\TMP
[2010/04/23 16:30:04 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\Top Evidence
[2009/10/08 17:11:17 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\V-Games
[2009/02/08 18:54:59 | 000,000,000 | ---D | M] -- C:\Users\Gemma\AppData\Roaming\ViquaSoft
[2011/01/12 00:31:00 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Gemma\Desktop\Mickey's Christmas Carol.avi:TOC.WMV
< End of report >
AlmightyDeath
2011-01-13, 00:48
OTL Extras logfile created on: 12/01/2011 22:43:06 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Gemma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 161.58 Gb Free Space | 54.21% Space Free | Partition Type: NTFS
Computer Name: WOODENHORSE | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0888037E-F2C0-4B95-994C-1A5F31FEC719}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{1BC599B1-9FA9-4922-ADB3-94FA71797CFF}" = lport=137 | protocol=17 | dir=in | app=system |
"{1D484973-3AA8-4043-993A-656AEF7A3C97}" = rport=137 | protocol=17 | dir=out | app=system |
"{258DDCB6-4ABD-4D1D-8A11-81A7229A0B80}" = lport=10243 | protocol=6 | dir=in | app=system |
"{291F0B0B-9C09-468F-9F8B-877DA9EB5D5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34234521-8679-4F1D-898A-3E2025734973}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{51272D8D-1895-4C3E-BE9D-C10CC5EA3A65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5357A093-F736-465E-B34E-51DF64A1CD7D}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AF8FC29-E20A-475B-A6CE-D3CCE2E00117}" = rport=10243 | protocol=6 | dir=out | app=system |
"{60AC066B-58FC-4218-98A2-EC14CC2D6BA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{678E6F9B-79F3-49B9-8AF3-92C0BA2F0E61}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B59EE2F-64DC-4DF6-A7F3-0B6621068C44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8758DCCD-188F-4E53-B3B0-325C4903EB4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{94F16E1D-C236-4E1F-8089-E0148FA5B61D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9A6156E3-E4B1-40D4-BE3B-37F0ABA211D2}" = rport=139 | protocol=6 | dir=out | app=system |
"{A51C45C0-63CD-4AF2-83C9-819CBE0AE551}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A83A47F1-A8C4-453E-AB33-2E6B6EAFB003}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADB7E07D-8E46-4B77-83A0-15EC288A92F2}" = lport=138 | protocol=17 | dir=in | app=system |
"{C2716C42-CC69-403E-AEB1-E87D56B9116C}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{C2F29B2E-8267-43BE-AC78-7843C21E7E22}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7E52AEB-027B-4948-B720-3CE5FAA9644B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD690901-4106-4B86-9603-1D3B2090E7C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE4310BE-2E3A-458A-9BF9-F4698F795E2E}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{E9D8AA53-1F2A-4D40-B17A-DC212C6653DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0FCEB93-F908-4A68-9C8F-0F4456B1726E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC634A0F-EAD6-4678-94B1-50A345A78553}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F97B342-C80C-4B0A-8EAD-11D455A746D2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{233DB754-757E-44E8-9681-CCEDD41F394F}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{2D1A9DD3-47B8-4ABE-B7A9-F8B2B57C3BFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{497909DE-C23B-40C7-94BF-EE846415B3C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F8BAC5A-0983-4EE5-9128-3030FAEA5018}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{674D29F0-38BB-4852-A85E-30800B38992A}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{6FFC0010-3A1E-4AB1-9D4E-2723742DF974}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{71E9B2C7-1EE3-4B82-92BA-8BEDE67FF4FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{745F858B-F315-44F6-9C11-93BC4FD2047E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7D1D8980-6675-4560-BA35-A22D30B97E34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93641A3C-CD8D-473C-A3F8-3DC5001ABB28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A84C653-AD22-49BC-B002-01F2D0B6D777}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A536A702-0E8A-47A0-87F8-DB1BAEDEF4E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AD503695-547C-4097-83EE-FF2F39170775}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B26BBB87-BBFB-45DC-8CDD-E28823AEC9C5}" = protocol=6 | dir=out | app=system |
"{C286171F-709F-4A07-85DD-DAAC3748B84B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8CD99F1-17B2-4C4E-8588-0E864527B12E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAB17F0B-93B5-46B8-BDB5-E3EDE765F70F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{CB21F92F-7392-43B9-B4E3-64001663479C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFF6D9CE-FC68-462A-A9E6-22492175CD17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7D02EF9-ADD7-48F1-A4A3-BB552E042364}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{D8900FF0-FEE3-4450-82D4-F63422FF4F62}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D917E53E-3A80-4D2D-8110-5AD35FCA63A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E80D1E49-6080-42D2-9347-E26E0B9260C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF22FB29-40D9-4FA1-832E-72A48B82367A}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{F9951DD5-7059-4FF1-ABEA-2367F4BAAD7A}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{FDA7E7C2-34FD-4B5D-A5F2-8489E9C60D6E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0CCA5E91-B388-47D2-B839-337209E5E9F4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{743B62AF-67CF-4408-A83C-EA3C5DB91BE7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"1 Penguin 100 Cases_is1" = 1 Penguin 100 Cases
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"am-antiqueshop" = Antique Shop
"am-cakemaniamainstreettm" = Cake Mania Main Street(TM)
"am-campfirelegendsthehookman" = Campfire Legends - The Hookman
"am-ghosttownmysteriestmbodie" = Ghost Town Mysteries(TM) - Bodie
"am-holly2magicland" = Holly 2 - Magic Land
"am-jessicascupcakecafe" = Jessica's Cupcake Cafe
"am-littleshopmemories" = Little Shop - Memories
"am-littleshopworldtraveler" = Little Shop - World Traveler
"am-themagicianshandbookiiblacklore" = The Magician's Handbook II - BlackLore
"Angela Young 2 Escape the Dreamscape_is1" = Angela Young 2 Escape the Dreamscape
"AVG9Uninstall" = AVG Free 9.0
"BFG-Alice's Magical Mahjong" = Alice's Magical Mahjong
"BFGC" = Big Fish Games: Game Manager
"BFG-Cake Mania - Lights, Camera, Action" = Cake Mania: Lights, Camera, Action!
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Doors of the Mind - Inner Mysteries" = Doors of the Mind: Inner Mysteries
"BFG-Downtown Secrets" = Downtown Secrets
"BFG-Empress of the Deep - The Darkest Secret" = Empress of the Deep: The Darkest Secret
"BFG-Fear for Sale - The Mystery of McInroy Manor Collector's Edition" = Fear for Sale: The Mystery of McInroy Manor Collector's Edition
"BFG-Fiction Fixers - Adventures in Wonderland" = Fiction Fixers - Adventures in Wonderland
"BFG-Fiction Fixers - The Curse of OZ" = Fiction Fixers: The Curse of OZ
"BFG-Haunted Legends - The Queen of Spades Collector's Edition" = Haunted Legends: The Queen of Spades Collector's Edition
"BFG-Haunted Manor - Lord of Mirrors" = Haunted Manor: Lord of Mirrors
"BFG-Holly - A Christmas Tale Deluxe" = Holly: A Christmas Tale Deluxe
"BFG-I SPY - Treasure Hunt" = I SPY: Treasure Hunt
"BFG-I Spy Spooky Mansion Deluxe" = I SPY ™ Spooky Mansion Deluxe
"BFG-Mahjongg Dimensions Deluxe" = Mahjongg Dimensions Deluxe
"BFG-Millionaire Manor - The Hidden Object Show" = Millionaire Manor: The Hidden Object Show
"BFG-Mystery Age - The Dark Priests" = Mystery Age: The Dark Priests
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files ®: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files®: Dire Grove™
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate ®
"BFG-Mystery Trackers - The Void Collector's Edition" = Mystery Trackers: The Void Collector's Edition
"BFG-Mystery Valley" = Mystery Valley
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-PuppetShow - Souls of the Innocent" = PuppetShow: Souls of the Innocent
"BFG-Santas Super Friends" = Santa's Super Friends
"BFG-Secret Mission - The Forgotten Island" = Secret Mission: The Forgotten Island
"BFG-Sinister City" = Sinister City
"BFG-Success Story" = Success Story
"BFG-The Heritage" = The Heritage
"BFG-The Lost Cases of 221B Baker St" = The Lost Cases of 221B Baker St.
"BFG-Treasure Seekers - Follow the Ghosts" = Treasure Seekers: Follow the Ghosts
"BFG-Tulula - Legend of a Volcano" = Tulula: Legend of a Volcano
"BFG-Twisted - A Haunted Carol" = Twisted: A Haunted Carol
"BFG-Twisted Lands - Shadow Town" = Twisted Lands: Shadow Town
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Campfire Legends The Hookman_is1" = Campfire Legends The Hookman
"CollabNet Subversion" = CollabNet Subversion 1.5.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup.divx.com" = DivX Setup
"Escape Rosecliff Island_is1" = Escape Rosecliff Island
"GameHouse" = GameHouse
"Gardenscapes_is1" = Gardenscapes
"Ghost Town Mysteries - Bodie_is1" = Ghost Town Mysteries - Bodie
"Gotcha Celebrity Secrets_is1" = Gotcha Celebrity Secrets
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Install EverFall Test Version 3" = Install EverFall Test Version 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marooned_is1" = Marooned
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mirror Mysteries_is1" = Mirror Mysteries
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mystery PI - Lost in Los Angeles_is1" = Mystery PI - Lost in Los Angeles
"OpenAL" = OpenAL
"PROR" = Microsoft Office Professional 2007
"Righteous Kill Revenge of the Poet Killer_is1" = Righteous Kill Revenge of the Poet Killer
"Spotify" = Spotify
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09/01/2011 07:00:15 | Computer Name = WoodenHorse | Source = WinMgmt | ID = 10
Description =
Error - 09/01/2011 13:58:05 | Computer Name = WoodenHorse | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, time
stamp 0x4cf928fc, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x00047dd2, process id 0x1324,
application start time 0x01cbafed6c1386af.
Error - 09/01/2011 18:22:13 | Computer Name = WoodenHorse | Source = WinMgmt | ID = 10
Description =
Error - 09/01/2011 18:34:55 | Computer Name = WoodenHorse | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 09/01/2011 18:34:58 | Computer Name = WoodenHorse | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 10/01/2011 05:27:48 | Computer Name = WoodenHorse | Source = WinMgmt | ID = 10
Description =
Error - 10/01/2011 12:36:53 | Computer Name = WoodenHorse | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 10/01/2011 12:36:53 | Computer Name = WoodenHorse | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 11/01/2011 14:27:19 | Computer Name = WoodenHorse | Source = WinMgmt | ID = 10
Description =
Error - 12/01/2011 05:45:26 | Computer Name = WoodenHorse | Source = WinMgmt | ID = 10
Description =
[ Broadcom Wireless LAN Events ]
Error - 28/05/2010 14:10:43 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 19:10:42, Fri, May 28, 10 Error - Unable to gain access to user store
Error - 30/07/2010 18:04:26 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 23:04:26, Fri, Jul 30, 10 Error - Unable to gain access to user store
Error - 03/09/2010 15:44:05 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 20:44:04, Fri, Sep 03, 10 Error - Unable to gain access to user store
Error - 05/09/2010 14:06:53 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 19:06:53, Sun, Sep 05, 10 Error - Unable to gain access to user store
Error - 07/09/2010 17:12:10 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 22:12:09, Tue, Sep 07, 10 Error - Unable to gain access to user store
Error - 13/11/2010 17:32:18 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 21:32:17, Sat, Nov 13, 10 Error - Unable to gain access to user store
Error - 30/11/2010 07:27:55 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 11:27:55, Tue, Nov 30, 10 Error - Unable to gain access to user store
Error - 10/12/2010 16:24:31 | Computer Name = WoodenHorse | Source = WLAN-Tray | ID = 0
Description = 20:24:30, Fri, Dec 10, 10 Error - Unable to gain access to user store
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Hi,
Open OTL.exe.
Copy/paste the following text, written inside the code box, into the Custom Scans/Fixes box located at the bottom of OTL:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top (not Run Scan).
Let the program run unhindered; reboot when it is done.
Then post the results of the log it produces.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
AlmightyDeath
2011-01-13, 01:26
Thanks for the help.
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gemma
->Temp folder emptied: 5003838 bytes
->Temporary Internet Files folder emptied: 67670147 bytes
->Java cache emptied: 22024094 bytes
->FireFox cache emptied: 111297470 bytes
->Flash cache emptied: 358881 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 906 bytes
RecycleBin emptied: 2353499208 bytes
Total Files Cleaned = 2,441.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.20.1 log created on 01122011_232103
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
AlmightyDeath
2011-01-13, 01:30
and OTL log
OTL logfile created on: 12/01/2011 23:27:14 - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Gemma\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 163.88 Gb Free Space | 54.98% Space Free | Partition Type: NTFS
Computer Name: WOODENHORSE | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gemma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\Gemma\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (VNUSB) -- C:\Windows\System32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/26 09:55:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/24 10:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/24 10:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 10:01:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 10:01:47 | 000,000,000 | ---D | M]
[2008/10/17 15:52:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Extensions
[2011/01/12 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\extensions
[2010/09/11 15:54:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/17 16:08:39 | 000,000,523 | ---- | M] () -- C:\Users\Gemma\AppData\Roaming\Mozilla\Firefox\Profiles\9egm0rk2.default\searchplugins\daemon-search.xml
[2011/01/12 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/16 13:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/09 22:36:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/26 09:55:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/12/24 10:37:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/24 10:37:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/01/12 23:22:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/12 23:21:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/12 22:41:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gemma\Desktop\OTL.exe
[2011/01/09 22:36:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/01/09 22:36:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/01/09 22:36:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/01/09 22:30:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/01/09 21:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/09 21:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/09 21:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/09 19:25:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Gemma\Desktop\HijackThis.exe
[2011/01/09 19:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/01/09 19:21:41 | 000,000,000 | ---D | C] -- C:\Users\Gemma\Desktop\sec_man
[2011/01/09 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Malwarebytes
[2011/01/09 19:20:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/09 19:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/09 19:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/09 19:20:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/09 19:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/09 19:19:19 | 000,000,000 | ---D | C] -- C:\Users\Gemma\Desktop\s_snd
[2010/12/24 10:37:14 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Local
[2010/12/24 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\DivX
[2010/12/24 10:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/12/20 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\gogii
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - The Curse of OZ
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - The Curse of OZ
[2010/12/20 13:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fiction Fixers - The Curse of OZ
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Fiction Fixers - Adventures in Wonderland
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twisted - A Haunted Carol
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twisted - A Haunted Carol
[2010/12/20 13:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Twisted - A Haunted Carol
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\Users\Gemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/20 13:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Legends - The Queen of Spades Collector's Edition
[2010/12/16 22:20:02 | 000,000,000 | -H-D | C] -- C:\$AVG
========== Files - Modified Within 30 Days ==========
[2011/01/12 23:23:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 23:23:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 23:23:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 23:23:09 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/12 23:22:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/01/12 22:41:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gemma\Desktop\OTL.exe
[2011/01/12 18:11:03 | 070,072,782 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/01/12 09:51:34 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/12 09:51:34 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/09 23:36:44 | 000,003,437 | ---- | M] () -- C:\Users\Gemma\Desktop\Attach.zip
[2011/01/09 23:11:27 | 000,624,128 | ---- | M] () -- C:\Users\Gemma\Desktop\dds.scr
[2011/01/09 21:29:02 | 000,001,055 | ---- | M] () -- C:\Users\Gemma\Desktop\Spybot - Search & Destroy.lnk
[2011/01/09 19:20:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/09 18:15:33 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Gemma\Desktop\HijackThis.exe
[2010/12/25 16:21:55 | 000,029,184 | ---- | M] () -- C:\Users\Gemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/24 10:37:14 | 000,001,435 | ---- | M] () -- C:\Users\Gemma\Desktop\DivX Movies.lnk
[2010/12/24 10:36:48 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/24 10:36:29 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 13:53:50 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Play Fiction Fixers - The Curse of OZ.lnk
[2010/12/20 13:53:50 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/20 13:50:22 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Play Fiction Fixers - Adventures in Wonderland.lnk
[2010/12/20 13:48:29 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Play Twisted - A Haunted Carol.lnk
[2010/12/20 13:45:08 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Play Haunted Legends - The Queen of Spades Collector's Edition.lnk
[2010/12/16 22:26:20 | 368,197,632 | ---- | M] () -- C:\Users\Gemma\Desktop\Mickey's Christmas Carol.avi
[2010/12/16 22:22:55 | 000,173,679 | ---- | M] () -- C:\Users\Gemma\Desktop\Dandelion.jpg
[2010/12/16 22:22:40 | 000,028,535 | ---- | M] () -- C:\Users\Gemma\Desktop\Brian froud toadstool.jpg
========== Files Created - No Company Name ==========
[2011/01/09 23:36:44 | 000,003,437 | ---- | C] () -- C:\Users\Gemma\Desktop\Attach.zip
[2011/01/09 23:11:26 | 000,624,128 | ---- | C] () -- C:\Users\Gemma\Desktop\dds.scr
[2011/01/09 21:29:02 | 000,001,055 | ---- | C] () -- C:\Users\Gemma\Desktop\Spybot - Search & Destroy.lnk
[2011/01/09 19:20:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/24 10:36:48 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/12/24 10:36:29 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/12/20 13:53:50 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Play Fiction Fixers - The Curse of OZ.lnk
[2010/12/20 13:53:50 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/12/20 13:50:22 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Play Fiction Fixers - Adventures in Wonderland.lnk
[2010/12/20 13:48:29 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Play Twisted - A Haunted Carol.lnk
[2010/12/20 13:45:08 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Play Haunted Legends - The Queen of Spades Collector's Edition.lnk
[2010/12/16 22:22:54 | 000,173,679 | ---- | C] () -- C:\Users\Gemma\Desktop\Dandelion.jpg
[2010/12/16 22:22:40 | 000,028,535 | ---- | C] () -- C:\Users\Gemma\Desktop\Brian froud toadstool.jpg
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/03 11:22:58 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/06/03 11:22:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2008/10/19 11:09:59 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/10/17 16:12:43 | 000,029,184 | ---- | C] () -- C:\Users\Gemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 16:05:43 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/10/17 16:05:12 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/10/17 16:05:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/10/14 13:26:25 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/10/14 13:24:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/14 13:15:18 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/10/14 13:15:18 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/10/14 13:15:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/10/14 13:15:18 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/14 13:15:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/14 12:54:22 | 000,000,680 | ---- | C] () -- C:\Users\Gemma\AppData\Local\d3d9caps.dat
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C63E7DE2
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F78CC2A2
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:95970EA3
@Alternate Data Stream - 64 bytes -> C:\Users\Gemma\Desktop\Mickey's Christmas Carol.avi:TOC.WMV
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:5080697C
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:FAB64002
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:BE40C8A2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9D86EE01
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:816255C3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:35FAD15D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EB333CFC
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D47B19A6
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:ADBB571A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:397D67BA
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0696EC8E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:B722BCE5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:AB3339EF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3A89E47
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9A7BF72D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BF6A2C54
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B8EB1B99
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:08E5EE32
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8999FD56
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:61F0C8FB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:439E3411
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7A032A04
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:AABCC5A7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1C201DEB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:98F6F85C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:71612023
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C0893153
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6FE17A89
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56C17A93
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:68EF6203
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4FA837B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1C6CB897
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6401C7FF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4EEC7800
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2342AE46
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CA0CE093
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FD000392
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DC2110AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:627153F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1D6B18F1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:F1F85068
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:774A0E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:27D1368B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1740DC47
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:450ABF8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:82529191
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:10F6E97E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:17C48B08
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BBF60A29
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF76F21
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4FE30352
< End of report >
Looks good, have those unwanted pop-up windows stopped?
You have Malwarebytes installed, open it, check for updates and run the Quick scan and post the log.
Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
AlmightyDeath
2011-01-13, 22:31
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5512
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
13/01/2011 19:36:28
mbam-log-2011-01-13 (19-36-28).txt
Scan type: Quick scan
Objects scanned: 147007
Time elapsed: 4 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I am just going to do the other scan now and then I will post again.
AlmightyDeath
2011-01-14, 00:28
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=4992d870136adf48ad8c4cef88dbdbd3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-13 10:22:27
# local_time=2011-01-13 10:22:27 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 28944840 28944840 0 0
# compatibility_mode=5892 16776574 100 100 40186412 132483595 0 0
# compatibility_mode=8192 67108863 100 0 3721 3721 0 0
# scanned=352765
# found=1
# cleaned=1
# scan_time=6480
C:\Program Files\Mirror Mysteries\mm.RWG a variant of Win32/Kryptik.AOH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Great, how is your system running now?
AlmightyDeath
2011-01-14, 01:16
Web browsers are working properly again after fixing the proxy issues.
And the wife reports that there are no more (fake/spam) notices appearing in the bottom right corner over the clock. So she's feeling much happier.
I take it that she can have the all clear, as she wishes to change all her passwords?
I would like to thank you for your time and help with this; it is much appreciated.
You're very, very welcome. Been at this for many years and the satisfaction I get is helping nice users like yourself.
Open OTL and click on Cleanup and it will remove the programs we used to clean your system along with their backups.
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
AlmightyDeath
2011-01-14, 01:47
Thanks Ken.
All done!
I shall pass those links on to her for some 'light' reading ;)
Thanks again.
:bigthumb:
I wanted to add that all systems and infections are different; a fix that can clean one computer may damage another, so I would have your dad start a new topic for his computer, as what we have done with yours may damage his.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.