Potential rootkit infection?
- Thread starter kingnothing
- Start date
kingnothing
New member
I don't have bitlocker on.
Ok. Seems likely that we have to use recovery environment here. Do you have Win7 RC media available?
First, let's make a file copy to other location so that you don't have to type so much on upcoming part.
Create a batch with following contents:
When that's done, make sure that c:\cngaudit.dll file exists. After that, please follow method two here to access system recovery options. Click Command Prompt. Give following command & and press ENTER making sure that spelling is exactly as shown:
Also, please upload C:\Windows\winsvc32.exe file here. Kindly include a link to this topic.
First, let's make a file copy to other location so that you don't have to type so much on upcoming part.
Create a batch with following contents:
Code:
xcopy /y C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll c:\cngaudit.dllWhen that's done, make sure that c:\cngaudit.dll file exists. After that, please follow method two here to access system recovery options. Click Command Prompt. Give following command & and press ENTER making sure that spelling is exactly as shown:
If all went well you should get "1 file(s) copied." message. After that give command exit (press ENTER) to exit command prompt. Click restart on system recovery options window. When back to normal mode, run win32kdiag.
Also, please upload C:\Windows\winsvc32.exe file here. Kindly include a link to this topic.
Last edited:
kingnothing
New member
I don't have a windows 7 RC disk with me. Doesn't the recovery console get installed when you install windows 7?
kingnothing
New member
Do I run the batch file I just created?
kingnothing
New member
I created and ran the batch file, I then created a recovery disc and copied the cng audit file. For some reason in the recovery environment my C: drive became my D: drive so I changed the c: to d: in the text you told me to enter.
I then ran win32kdiag which created the following log file:
Log file is located at: C:\Users\Tom\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\OEM\OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\audit\audit
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Vss\Writers\Application\Application
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Mount point destination : \Device\__max++>\^
Finished!
I uploaded c:\windows\winsvc32.exe to the website as you instructed.
I then ran win32kdiag which created the following log file:
Log file is located at: C:\Users\Tom\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\OEM\OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\audit\audit
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Vss\Writers\Application\Application
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Mount point destination : \Device\__max++>\^
Finished!
I uploaded c:\windows\winsvc32.exe to the website as you instructed.
Thanks for the sample 
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
%userprofile%\desktop\win32kdiag.exe -f -r
After that, launch Malwarebytes' A-M (MBAM), update its definitions and run a quick scan (let it delete all findings). Post the report back here.
Note: If you get permission error from MBAM, follow the instructions in post #9 to download unlocker (if you don't have the file anymore). Then drag 'n' drop MBAM exe file to it.
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
%userprofile%\desktop\win32kdiag.exe -f -r
After that, launch Malwarebytes' A-M (MBAM), update its definitions and run a quick scan (let it delete all findings). Post the report back here.
Note: If you get permission error from MBAM, follow the instructions in post #9 to download unlocker (if you don't have the file anymore). Then drag 'n' drop MBAM exe file to it.
kingnothing
New member
Results of Win32kdiag.exe log file:
Running from: C:\Users\Tom\Desktop\win32kdiag.exe
Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\AppPatch\Custom\Custom
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\temp\temp
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\tmp\tmp
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\en-US\en-US
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ehome\CreateDisc\style\style
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\Corporate\Corporate
Found mount point : C:\Windows\Help\OEM\OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\OEM\OEM
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0000\0000
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0409\0409
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Microsoft.NET\authman\authman
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ModemLogs\ModemLogs
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Panther\setup.exe\setup.exe
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\Windows\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PIF\PIF
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PLA\Templates\Templates
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Registration\CRMLog\CRMLog
Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SchCache\SchCache
Found mount point : C:\Windows\security\audit\audit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\audit\audit
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\templates\templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\servicing\SQM\SQM
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Found mount point : C:\Windows\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\_avast4_\_avast4_
Found mount point : C:\Windows\Vss\Writers\Application\Application
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Vss\Writers\Application\Application
Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Finished!
Below is the Mbam log file:
Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 6.1.7100
28/09/2009 15:02:13
mbam-log-2009-09-28 (15-01-59).txt
Scan type: Quick Scan
Objects scanned: 100240
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
C:\Windows\winsvc32.exe (Backdoor.Bot) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\logevent.dll (Trojan.Sirefef) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Windows\win32k.sys (Trojan.Dropper) -> No action taken.
C:\Windows\winsvc32.exe (Backdoor.Bot) -> No action taken.
Running from: C:\Users\Tom\Desktop\win32kdiag.exe
Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\AppPatch\Custom\Custom
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47E8.tmp\ZAP47E8.tmp
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9137.tmp\ZAP9137.tmp
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\temp\temp
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\assembly\tmp\tmp
Found mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\CSC\v2.0.6\namespace\namespace
Found mount point : C:\Windows\DigitalLocker\en-US\en-US
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\DigitalLocker\en-US\en-US
Found mount point : C:\Windows\ehome\CreateDisc\style\style
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ehome\CreateDisc\style\style
Found mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-AU\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-CA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Globalization\MCT\MCT-ZA\RSSFeed\RSSFeed
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\Corporate\Corporate
Found mount point : C:\Windows\Help\OEM\OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Help\OEM\OEM
Found mount point : C:\Windows\inf\PNRPSvc\0000\0000
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0000\0000
Found mount point : C:\Windows\inf\PNRPSvc\0409\0409
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\inf\PNRPSvc\0409\0409
Found mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\LiveKernelReports\LiveKernelReports
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Microsoft.NET\authman\authman
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ModemLogs\ModemLogs
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Panther\setup.exe\setup.exe
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\Windows\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PIF\PIF
Found mount point : C:\Windows\PLA\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\PLA\Templates\Templates
Found mount point : C:\Windows\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Registration\CRMLog\CRMLog
Found mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteApps\RemoteApps
Found mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\RemotePackages\RemoteDesktops\RemoteDesktops
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SchCache\SchCache
Found mount point : C:\Windows\security\audit\audit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\audit\audit
Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\security\templates\templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temp
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Caches\Caches
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent
Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games
Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos
Found mount point : C:\Windows\servicing\SQM\SQM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\servicing\SQM\SQM
Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\AuthCabs
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.23_none_97d5896e7560765a
Found mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\Download\10c510d99262f3d69d00319f2c10e33d\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.7100.4114_none_d31e04150597a6d7
Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Found mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\SoftwareDistribution\SelfUpdate\Handler\Handler
Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Found mount point : C:\Windows\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Temp\_avast4_\_avast4_
Found mount point : C:\Windows\Vss\Writers\Application\Application
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\Vss\Writers\Application\Application
Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp
Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Mount point destination : \Device\__max++>\^
Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames
Finished!
Below is the Mbam log file:
Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 6.1.7100
28/09/2009 15:02:13
mbam-log-2009-09-28 (15-01-59).txt
Scan type: Quick Scan
Objects scanned: 100240
Time elapsed: 8 minute(s), 29 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
C:\Windows\winsvc32.exe (Backdoor.Bot) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsvc32 (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\logevent.dll (Trojan.Sirefef) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\Windows\win32k.sys (Trojan.Dropper) -> No action taken.
C:\Windows\winsvc32.exe (Backdoor.Bot) -> No action taken.
I assume those findings were nuked though the report shows "no action taken".
Let's get some further details of your system's situation next.
Let's get some further details of your system's situation next.
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
kingnothing
New member
Yeah I removed infected files.
kingnothing
New member
Contents of OTL.txt:
OTL logfile created on: 28/09/2009 15:21:06 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\Tom\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.50% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 99.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.84 Gb Free Space | 23.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\System32\lxcecoms.exe ( )
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AppIDSvc [On_Demand | Stopped]) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AxInstSV [On_Demand | Stopped]) -- C:\Windows\System32\AxInstSV.dll (Microsoft Corporation)
SRV - (BDESVC [Unknown | Stopped]) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (defragsvc [On_Demand | Stopped]) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HomeGroupListener [On_Demand | Running]) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider [On_Demand | Running]) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lxce_device [Auto | Running]) -- C:\Windows\System32\lxcecoms.exe ( )
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (p2pimsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc [On_Demand | Stopped]) -- C:\Windows\System32\peerdistsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg [On_Demand | Stopped]) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PNRPsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (Power [Auto | Running]) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (RpcEptMapper [Unknown | Running]) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc [On_Demand | Stopped]) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (sppsvc [Auto | Stopped]) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (sppuinotify [On_Demand | Stopped]) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (WbioSrvc [On_Demand | Stopped]) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WwanSvc [On_Demand | Stopped]) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (1394ohci [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (AcpiPmi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adpu320 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corp)
DRV - (aic78xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdPPM [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (amdsata [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (amdsbs [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (amdxata [Boot | Running]) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (AppID [On_Demand | Stopped]) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (arc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (arcsas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (ATSwpWDF [On_Demand | Running]) -- C:\Windows\System32\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (b06bdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (cmdide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CNG [Boot | Running]) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (CompositeBus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (discache [System | Running]) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (ebdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\Windows\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (elxstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (FsDepends [On_Demand | Stopped]) -- C:\Windows\System32\drivers\FsDepends.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcw85cir [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HpSAMD [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (hwpolicy [Boot | Running]) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (iaStorV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (KSecPkg [Boot | Running]) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_FC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (LSI_SAS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (LSI_SCSI [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (megasas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (MegaSR [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (mshidkmdf [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (NdisCap [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ndiscap.sys (Microsoft Corporation)
DRV - (netw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation)
DRV - (nfrd960 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (nvraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (pcw [Boot | Running]) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (ql2300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (RasAgileVpn [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AgileVpn.sys (Microsoft Corporation)
DRV - (rdpbus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP [System | Running]) -- C:\Windows\System32\drivers\rdprefmp.sys (Microsoft Corporation)
DRV - (rdyboost [Boot | Running]) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (s3cap [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (scfilter [Unknown | Stopped]) -- C:\Windows\System32\DRIVERS\scfilter.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Stopped]) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (stexstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPM [On_Demand | Running]) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (UmPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (VClone [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV - (vdrvroot [Boot | Running]) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (vhdmp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (viaide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (VMBusHID [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (vsmraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vwifibus [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (WfpLwf [System | Running]) -- C:\Windows\System32\DRIVERS\wfplwf.sys (Microsoft Corporation)
DRV - (WIMMount [On_Demand | Stopped]) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: clickbank@geminussoft.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.51.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.30
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/22 09:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/21 20:27:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 22:41:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 22:41:33 | 00,000,000 | ---D | M]
[2009/06/21 22:47:26 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2009/06/21 22:47:26 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 14:15:44 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions
[2009/07/02 22:19:54 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2009/06/21 22:53:01 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 14:44:33 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/06/25 13:13:17 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2009/06/22 14:43:45 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\clickbank@geminussoft.com
[2009/09/11 12:35:49 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\support@lastpass.com
[2009/09/28 14:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 22:41:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/06 15:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/29 18:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/13 22:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 22:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 03:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/28 20:09:14 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/17 15:01:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/17 15:01:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/28 20:09:19 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/07/28 20:09:12 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/13 22:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (331255 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 11343 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCECATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gistweb.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 16:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell - "" = AutoRun
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/28 15:16:04 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2009/09/28 14:51:27 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 14:49:22 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe
[2009/09/28 14:44:50 | 00,047,616 | ---- | C] () -- C:\Users\Tom\Desktop\Win32kDiag.exe
[2009/09/28 11:49:13 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\cngaudit.dll
[2009/09/27 21:43:39 | 00,000,140 | ---- | C] () -- C:\Users\Tom\Desktop\sbfix.bat
[2009/09/27 11:26:30 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\rbu
[2009/09/26 20:43:55 | 00,085,504 | ---- | C] () -- C:\Windows\System32\Inherit.exe
[2009/09/26 20:43:11 | 00,085,504 | ---- | C] () -- C:\Users\Tom\Desktop\Inherit.exe
[2009/09/26 19:09:29 | 00,000,000 | ---- | C] () -- C:\temp.exe
[2009/09/26 19:09:25 | 00,139,305 | ---- | C] (JeEzZ) -- C:\temp
[2009/09/26 13:28:33 | 00,288,768 | ---- | C] () -- C:\Users\Tom\Desktop\l2nrk1lf.exe
[2009/09/26 11:06:54 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\sfsdf
[2009/09/23 18:30:38 | 00,161,796 | ---- | C] () -- C:\Users\Tom\Desktop\basic_dog_training_2008.pdf
[2009/09/23 14:34:17 | 00,000,000 | ---- | C] () -- C:\Users\Tom\Desktop\loud.jpg
[2009/09/22 10:30:35 | 00,002,043 | ---- | C] () -- C:\Users\Tom\Desktop\HijackThis.lnk
[2009/09/22 10:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/22 10:28:39 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\reg backup
[2009/09/22 10:28:12 | 00,000,879 | ---- | C] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2009/09/22 10:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/22 00:04:24 | 03,317,563 | ---- | C] () -- C:\Users\Tom\Desktop\combo- fixit.exe
[2009/09/21 22:24:08 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Games
[2009/09/21 20:39:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/21 20:39:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/21 20:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/21 17:39:52 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll
[2009/09/21 17:32:22 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\Tom\Desktop\avast_home_setup.exe
[2009/09/21 17:01:03 | 03,952,480 | -H-- | C] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2009/09/21 16:27:10 | 01,056,768 | ---- | C] () -- C:\Windows\System32\defltbase.sdb
[2009/09/21 14:58:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/21 14:57:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/21 14:57:06 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/21 14:57:01 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/21 14:57:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/21 14:56:51 | 41,898,764 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/21 14:56:50 | 00,113,133 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 14:56:49 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/21 14:56:47 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/21 14:56:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/21 14:56:45 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/21 14:56:45 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/21 14:44:34 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AVG8
[2009/09/20 23:08:23 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2009/09/20 23:08:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/20 23:01:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/20 23:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/20 20:56:48 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/09/20 20:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2009/09/20 20:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2009/09/19 21:02:49 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Tinnitus
[2009/09/18 15:05:36 | 00,010,380 | ---- | C] () -- C:\Users\Tom\Desktop\Tinnitus bl.docx
[2009/09/15 14:00:45 | 00,013,190 | ---- | C] () -- C:\Users\Tom\Desktop\coversmallblog.jpg
[2009/09/15 13:19:47 | 00,199,319 | ---- | C] () -- C:\Users\Tom\Desktop\blog-09-15-2009.xml
[2009/09/12 21:10:51 | 00,012,009 | ---- | C] () -- C:\Users\Tom\Desktop\Internet Marketing Campaign.docx
[2009/09/10 21:58:41 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/09/09 23:19:32 | 04,120,056 | ---- | C] () -- C:\Users\Tom\Desktop\Death Of Affiliate Marketing on Squidoo.pdf
[2009/09/09 21:56:48 | 00,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 13:40:10 | 02,754,881 | ---- | C] () -- C:\Users\Tom\Desktop\Horrors_of_Vaccination_Exposed.pdf
[2009/09/03 20:51:18 | 00,011,332 | ---- | C] () -- C:\Users\Tom\Desktop\smallme.jpg
[2009/09/03 20:37:13 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\September_number_one_4586hiu38
[2009/09/03 14:16:57 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\September 2009
[2009/08/29 18:07:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/29 18:07:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/29 18:07:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/24 14:57:42 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2009/08/24 14:57:42 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2009/08/24 14:57:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2009/08/24 14:57:42 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2009/08/24 14:57:42 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2009/08/24 14:57:42 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2009/08/24 14:57:41 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2009/08/24 14:57:41 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2009/08/24 14:57:41 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2009/08/24 14:57:41 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2009/08/24 14:57:41 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2009/08/24 14:57:41 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2009/08/24 14:57:41 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2009/06/23 00:30:38 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/23 00:30:38 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/22 15:12:40 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/22 06:58:02 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009/04/22 06:58:02 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/04/22 04:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/22 04:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/09 21:05:54 | 16,614,648 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst.dll
[2007/02/22 18:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006/03/09 16:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 06:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005/02/24 17:23:52 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
========== Files - Modified Within 30 Days ==========
[2009/09/28 15:16:08 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2009/09/28 15:13:09 | 00,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/28 15:13:09 | 00,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/28 15:05:43 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/28 15:05:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/28 15:05:24 | 20,065,23904 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 15:04:40 | 03,952,480 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2009/09/28 14:51:27 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 14:50:48 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe
[2009/09/28 14:44:53 | 00,047,616 | ---- | M] () -- C:\Users\Tom\Desktop\Win32kDiag.exe
[2009/09/28 10:59:15 | 41,898,764 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/27 21:43:39 | 00,000,140 | ---- | M] () -- C:\Users\Tom\Desktop\sbfix.bat
[2009/09/26 20:43:16 | 00,085,504 | ---- | M] () -- C:\Windows\System32\Inherit.exe
[2009/09/26 20:43:16 | 00,085,504 | ---- | M] () -- C:\Users\Tom\Desktop\Inherit.exe
[2009/09/26 19:09:29 | 00,000,000 | ---- | M] () -- C:\temp.exe
[2009/09/26 19:09:27 | 00,139,305 | ---- | M] (JeEzZ) -- C:\temp
[2009/09/26 13:28:37 | 00,288,768 | ---- | M] () -- C:\Users\Tom\Desktop\l2nrk1lf.exe
[2009/09/26 11:03:26 | 00,113,133 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/23 18:30:38 | 00,161,796 | ---- | M] () -- C:\Users\Tom\Desktop\basic_dog_training_2008.pdf
[2009/09/23 14:35:20 | 00,000,000 | ---- | M] () -- C:\Users\Tom\Desktop\loud.jpg
[2009/09/22 10:30:35 | 00,002,043 | ---- | M] () -- C:\Users\Tom\Desktop\HijackThis.lnk
[2009/09/22 10:28:12 | 00,000,879 | ---- | M] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2009/09/22 00:04:23 | 03,317,563 | ---- | M] () -- C:\Users\Tom\Desktop\combo- fixit.exe
[2009/09/21 21:02:54 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/21 21:02:54 | 00,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/21 21:02:54 | 00,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/21 17:32:33 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\Tom\Desktop\avast_home_setup.exe
[2009/09/21 16:33:27 | 01,056,768 | ---- | M] () -- C:\Windows\System32\defltbase.sdb
[2009/09/21 14:57:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/21 14:57:06 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/21 14:57:01 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/21 14:57:01 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/21 14:56:50 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/21 14:56:49 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/20 20:00:39 | 00,331,255 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/19 00:06:43 | 00,010,380 | ---- | M] () -- C:\Users\Tom\Desktop\Tinnitus bl.docx
[2009/09/15 14:00:45 | 00,013,190 | ---- | M] () -- C:\Users\Tom\Desktop\coversmallblog.jpg
[2009/09/15 13:19:49 | 00,199,319 | ---- | M] () -- C:\Users\Tom\Desktop\blog-09-15-2009.xml
[2009/09/12 21:10:51 | 00,012,009 | ---- | M] () -- C:\Users\Tom\Desktop\Internet Marketing Campaign.docx
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/08 13:40:17 | 02,754,881 | ---- | M] () -- C:\Users\Tom\Desktop\Horrors_of_Vaccination_Exposed.pdf
[2009/09/06 11:54:42 | 04,120,056 | ---- | M] () -- C:\Users\Tom\Desktop\Death Of Affiliate Marketing on Squidoo.pdf
[2009/09/03 20:51:18 | 00,011,332 | ---- | M] () -- C:\Users\Tom\Desktop\smallme.jpg
[2009/08/31 19:22:29 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
< End of report >
OTL logfile created on: 28/09/2009 15:21:06 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\Tom\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.50% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 99.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.84 Gb Free Space | 23.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\System32\lxcecoms.exe ( )
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AEADIFilters [Auto | Running]) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AppIDSvc [On_Demand | Stopped]) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AxInstSV [On_Demand | Stopped]) -- C:\Windows\System32\AxInstSV.dll (Microsoft Corporation)
SRV - (BDESVC [Unknown | Stopped]) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (defragsvc [On_Demand | Stopped]) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (Dhcp [Auto | Running]) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache [On_Demand | Stopped]) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HomeGroupListener [On_Demand | Running]) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider [On_Demand | Running]) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (lxce_device [Auto | Running]) -- C:\Windows\System32\lxcecoms.exe ( )
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (p2pimsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc [On_Demand | Stopped]) -- C:\Windows\System32\peerdistsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg [On_Demand | Stopped]) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (PNRPsvc [On_Demand | Running]) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (Power [Auto | Running]) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (RpcEptMapper [Unknown | Running]) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc [On_Demand | Stopped]) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (sppsvc [Auto | Stopped]) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (sppuinotify [On_Demand | Stopped]) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (Themes [Auto | Running]) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (WbioSrvc [On_Demand | Stopped]) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WwanSvc [On_Demand | Stopped]) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (1394ohci [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (AcpiPmi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (adp94xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adpu320 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corp)
DRV - (aic78xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdPPM [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (amdsata [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsata.sys (AMD)
DRV - (amdsbs [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (amdxata [Boot | Running]) -- C:\Windows\system32\DRIVERS\amdxata.sys (AMD)
DRV - (AppID [On_Demand | Stopped]) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (arc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (arcsas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (ATSwpWDF [On_Demand | Running]) -- C:\Windows\System32\Drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (b06bdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (Brserid [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (cmdide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CNG [Boot | Running]) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (CompositeBus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (discache [System | Running]) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (ebdrv [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\Windows\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (elxstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (FsDepends [On_Demand | Stopped]) -- C:\Windows\System32\drivers\FsDepends.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcw85cir [On_Demand | Stopped]) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (HpSAMD [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (hwpolicy [Boot | Running]) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (iaStorV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (KSecPkg [Boot | Running]) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_FC [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (LSI_SAS2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (LSI_SCSI [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (megasas [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (MegaSR [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (mshidkmdf [On_Demand | Stopped]) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (NdisCap [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ndiscap.sys (Microsoft Corporation)
DRV - (netw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation)
DRV - (nfrd960 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (nvraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (pcw [Boot | Running]) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (ql2300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (RasAgileVpn [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AgileVpn.sys (Microsoft Corporation)
DRV - (rdpbus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP [System | Running]) -- C:\Windows\System32\drivers\rdprefmp.sys (Microsoft Corporation)
DRV - (rdyboost [Boot | Running]) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (s3cap [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (scfilter [Unknown | Stopped]) -- C:\Windows\System32\DRIVERS\scfilter.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Stopped]) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (stexstor [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPM [On_Demand | Running]) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (UmPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (VClone [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV - (vdrvroot [Boot | Running]) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (vhdmp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (viaide [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (VMBusHID [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (vsmraid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vwifibus [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (WfpLwf [System | Running]) -- C:\Windows\System32\DRIVERS\wfplwf.sys (Microsoft Corporation)
DRV - (WIMMount [On_Demand | Stopped]) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: clickbank@geminussoft.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.51.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.30
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/22 09:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/21 20:27:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 22:41:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 22:41:33 | 00,000,000 | ---D | M]
[2009/06/21 22:47:26 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2009/06/21 22:47:26 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/28 14:15:44 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions
[2009/07/02 22:19:54 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}
[2009/06/21 22:53:01 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 14:44:33 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/06/25 13:13:17 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2009/06/22 14:43:45 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\clickbank@geminussoft.com
[2009/09/11 12:35:49 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\ve442xue.default\extensions\support@lastpass.com
[2009/09/28 14:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 22:41:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/06 15:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/29 18:07:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/13 22:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 22:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 03:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/28 20:09:14 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/17 15:01:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/17 15:01:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/17 15:01:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/28 20:09:19 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/07/28 20:09:12 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/13 22:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (331255 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 11343 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCECATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gistweb.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 16:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell - "" = AutoRun
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{0c37a9b3-5f48-11de-8e49-00170847af7b}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/28 15:16:04 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2009/09/28 14:51:27 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 14:49:22 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe
[2009/09/28 14:44:50 | 00,047,616 | ---- | C] () -- C:\Users\Tom\Desktop\Win32kDiag.exe
[2009/09/28 11:49:13 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\cngaudit.dll
[2009/09/27 21:43:39 | 00,000,140 | ---- | C] () -- C:\Users\Tom\Desktop\sbfix.bat
[2009/09/27 11:26:30 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\rbu
[2009/09/26 20:43:55 | 00,085,504 | ---- | C] () -- C:\Windows\System32\Inherit.exe
[2009/09/26 20:43:11 | 00,085,504 | ---- | C] () -- C:\Users\Tom\Desktop\Inherit.exe
[2009/09/26 19:09:29 | 00,000,000 | ---- | C] () -- C:\temp.exe
[2009/09/26 19:09:25 | 00,139,305 | ---- | C] (JeEzZ) -- C:\temp
[2009/09/26 13:28:33 | 00,288,768 | ---- | C] () -- C:\Users\Tom\Desktop\l2nrk1lf.exe
[2009/09/26 11:06:54 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\sfsdf
[2009/09/23 18:30:38 | 00,161,796 | ---- | C] () -- C:\Users\Tom\Desktop\basic_dog_training_2008.pdf
[2009/09/23 14:34:17 | 00,000,000 | ---- | C] () -- C:\Users\Tom\Desktop\loud.jpg
[2009/09/22 10:30:35 | 00,002,043 | ---- | C] () -- C:\Users\Tom\Desktop\HijackThis.lnk
[2009/09/22 10:30:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/22 10:28:39 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\reg backup
[2009/09/22 10:28:12 | 00,000,879 | ---- | C] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2009/09/22 10:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/22 00:04:24 | 03,317,563 | ---- | C] () -- C:\Users\Tom\Desktop\combo- fixit.exe
[2009/09/21 22:24:08 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Microsoft Games
[2009/09/21 20:39:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/21 20:39:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/21 20:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/21 17:39:52 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll
[2009/09/21 17:32:22 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Users\Tom\Desktop\avast_home_setup.exe
[2009/09/21 17:01:03 | 03,952,480 | -H-- | C] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2009/09/21 16:27:10 | 01,056,768 | ---- | C] () -- C:\Windows\System32\defltbase.sdb
[2009/09/21 14:58:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/21 14:57:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/21 14:57:06 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/21 14:57:01 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/21 14:57:01 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/21 14:56:51 | 41,898,764 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/21 14:56:50 | 00,113,133 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/21 14:56:49 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/21 14:56:47 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/21 14:56:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/09/21 14:56:45 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/09/21 14:56:45 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/21 14:44:34 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AVG8
[2009/09/20 23:08:23 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2009/09/20 23:08:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/20 23:01:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/20 23:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/20 20:56:48 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/09/20 20:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2009/09/20 20:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2009/09/19 21:02:49 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Tinnitus
[2009/09/18 15:05:36 | 00,010,380 | ---- | C] () -- C:\Users\Tom\Desktop\Tinnitus bl.docx
[2009/09/15 14:00:45 | 00,013,190 | ---- | C] () -- C:\Users\Tom\Desktop\coversmallblog.jpg
[2009/09/15 13:19:47 | 00,199,319 | ---- | C] () -- C:\Users\Tom\Desktop\blog-09-15-2009.xml
[2009/09/12 21:10:51 | 00,012,009 | ---- | C] () -- C:\Users\Tom\Desktop\Internet Marketing Campaign.docx
[2009/09/10 21:58:41 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/09/09 23:19:32 | 04,120,056 | ---- | C] () -- C:\Users\Tom\Desktop\Death Of Affiliate Marketing on Squidoo.pdf
[2009/09/09 21:56:48 | 00,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/08 13:40:10 | 02,754,881 | ---- | C] () -- C:\Users\Tom\Desktop\Horrors_of_Vaccination_Exposed.pdf
[2009/09/03 20:51:18 | 00,011,332 | ---- | C] () -- C:\Users\Tom\Desktop\smallme.jpg
[2009/09/03 20:37:13 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\September_number_one_4586hiu38
[2009/09/03 14:16:57 | 00,000,000 | ---D | C] -- C:\Users\Tom\Desktop\September 2009
[2009/08/29 18:07:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/29 18:07:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/29 18:07:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/24 14:57:42 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2009/08/24 14:57:42 | 00,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2009/08/24 14:57:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2009/08/24 14:57:42 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2009/08/24 14:57:42 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2009/08/24 14:57:42 | 00,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2009/08/24 14:57:41 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2009/08/24 14:57:41 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2009/08/24 14:57:41 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2009/08/24 14:57:41 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2009/08/24 14:57:41 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2009/08/24 14:57:41 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2009/08/24 14:57:41 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2009/06/23 00:30:38 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/23 00:30:38 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/22 15:12:40 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/22 06:58:02 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009/04/22 06:58:02 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/04/22 04:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/22 04:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/04/09 21:05:54 | 16,614,648 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst.dll
[2007/02/22 18:32:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006/03/09 16:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 06:26:46 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005/02/24 17:23:52 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
========== Files - Modified Within 30 Days ==========
[2009/09/28 15:16:08 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2009/09/28 15:13:09 | 00,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/28 15:13:09 | 00,013,408 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/28 15:05:43 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/28 15:05:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/28 15:05:24 | 20,065,23904 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 15:04:40 | 03,952,480 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2009/09/28 14:51:27 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/28 14:50:48 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tom\Desktop\mbam-setup.exe
[2009/09/28 14:44:53 | 00,047,616 | ---- | M] () -- C:\Users\Tom\Desktop\Win32kDiag.exe
[2009/09/28 10:59:15 | 41,898,764 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/27 21:43:39 | 00,000,140 | ---- | M] () -- C:\Users\Tom\Desktop\sbfix.bat
[2009/09/26 20:43:16 | 00,085,504 | ---- | M] () -- C:\Windows\System32\Inherit.exe
[2009/09/26 20:43:16 | 00,085,504 | ---- | M] () -- C:\Users\Tom\Desktop\Inherit.exe
[2009/09/26 19:09:29 | 00,000,000 | ---- | M] () -- C:\temp.exe
[2009/09/26 19:09:27 | 00,139,305 | ---- | M] (JeEzZ) -- C:\temp
[2009/09/26 13:28:37 | 00,288,768 | ---- | M] () -- C:\Users\Tom\Desktop\l2nrk1lf.exe
[2009/09/26 11:03:26 | 00,113,133 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/09/23 18:30:38 | 00,161,796 | ---- | M] () -- C:\Users\Tom\Desktop\basic_dog_training_2008.pdf
[2009/09/23 14:35:20 | 00,000,000 | ---- | M] () -- C:\Users\Tom\Desktop\loud.jpg
[2009/09/22 10:30:35 | 00,002,043 | ---- | M] () -- C:\Users\Tom\Desktop\HijackThis.lnk
[2009/09/22 10:28:12 | 00,000,879 | ---- | M] () -- C:\Users\Tom\Desktop\ERUNT.lnk
[2009/09/22 00:04:23 | 03,317,563 | ---- | M] () -- C:\Users\Tom\Desktop\combo- fixit.exe
[2009/09/21 21:02:54 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/21 21:02:54 | 00,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/21 21:02:54 | 00,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/21 17:32:33 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Users\Tom\Desktop\avast_home_setup.exe
[2009/09/21 16:33:27 | 01,056,768 | ---- | M] () -- C:\Windows\System32\defltbase.sdb
[2009/09/21 14:57:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/09/21 14:57:06 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/09/21 14:57:01 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/09/21 14:57:01 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/09/21 14:56:50 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/21 14:56:49 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/09/20 20:00:39 | 00,331,255 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/19 00:06:43 | 00,010,380 | ---- | M] () -- C:\Users\Tom\Desktop\Tinnitus bl.docx
[2009/09/15 14:00:45 | 00,013,190 | ---- | M] () -- C:\Users\Tom\Desktop\coversmallblog.jpg
[2009/09/15 13:19:49 | 00,199,319 | ---- | M] () -- C:\Users\Tom\Desktop\blog-09-15-2009.xml
[2009/09/12 21:10:51 | 00,012,009 | ---- | M] () -- C:\Users\Tom\Desktop\Internet Marketing Campaign.docx
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/08 13:40:17 | 02,754,881 | ---- | M] () -- C:\Users\Tom\Desktop\Horrors_of_Vaccination_Exposed.pdf
[2009/09/06 11:54:42 | 04,120,056 | ---- | M] () -- C:\Users\Tom\Desktop\Death Of Affiliate Marketing on Squidoo.pdf
[2009/09/03 20:51:18 | 00,011,332 | ---- | M] () -- C:\Users\Tom\Desktop\smallme.jpg
[2009/08/31 19:22:29 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
< End of report >
kingnothing
New member
Contents of Extras.txt:
OTL Extras logfile created on: 28/09/2009 15:21:06 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\Tom\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.50% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 99.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.84 Gb Free Space | 23.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- C:\PROGRA~1\MICROS~2\OFFICE11\FRONTPG.EXE /dde (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.5
"Football Manager 2009" = Football Manager 2009
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IAWP" = IAWP
"InstallShield_{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"IrfanView" = IrfanView (remove only)
"Lexmark 4300 Series" = Lexmark 4300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"PlayFLV" = PlayFLV
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR" = WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:18 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:18 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
[ OSession Events ]
Error - 10/08/2009 06:27:34 | Computer Name = Tom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 54
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/09/2009 09:30:36 | Computer Name = Tom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL Extras logfile created on: 28/09/2009 15:21:06 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\Tom\Desktop
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.50% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 99.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.80 Gb Total Space | 12.84 Gb Free Space | 23.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- C:\PROGRA~1\MICROS~2\OFFICE11\FRONTPG.EXE /dde (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG8Uninstall" = AVG Free 8.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.5
"Football Manager 2009" = Football Manager 2009
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IAWP" = IAWP
"InstallShield_{8947EEAC-D5EE-4BA1-AF88-08E4E30CF7A9}" = WIN7TS
"IrfanView" = IrfanView (remove only)
"Lexmark 4300 Series" = Lexmark 4300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"PlayFLV" = PlayFLV
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR" = WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:17 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:18 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 21/09/2009 11:34:18 | Computer Name = Tom-Laptop | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
[ OSession Events ]
Error - 10/08/2009 06:27:34 | Computer Name = Tom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 54
seconds with 0 seconds of active time. This session ended with a crash.
Error - 21/09/2009 09:30:36 | Computer Name = Tom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Hi,
Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.
Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Get updates 9.1.2 and 9.1.3 for Adobe Reader here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.
Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Read the requirements and privacy statement then click on the Accept button.
- The program will launch and start to download the latest definition files.
- You will be prompted to install an application from Kaspersky. Click Run
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- Click on Save Report As....
- Change the Files of type to Text file (.txt) before clicking on the Save button.
- Save this report to a convenient place.
- Copy and paste that information into your topic. How's the system running?
- The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
kingnothing
New member
Kaspersky log:
Monday, September 28, 2009
Operating system: Microsoft Professional (build 7100)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 28, 2009 15:54:36
Records in database: 2930131
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 90103
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:42:02
No threats found. Scanned area is clean.
Selected area has been scanned.
My computer runs ok but there are a few things not right such as when I startup Microsoft Office Outlook I get an access denied error but I can access the program. Also some of my start menu icons seem to have change to a blank icon if you know what I mean.
Monday, September 28, 2009
Operating system: Microsoft Professional (build 7100)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 28, 2009 15:54:36
Records in database: 2930131
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Objects scanned 90103
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:42:02
No threats found. Scanned area is clean.
Selected area has been scanned.
My computer runs ok but there are a few things not right such as when I startup Microsoft Office Outlook I get an access denied error but I can access the program. Also some of my start menu icons seem to have change to a blank icon if you know what I mean.
kingnothing
New member
My programs work but things like Word documents seem to have the unknown file icon. Those are word documents in the screenshot.
kingnothing
New member
No it was already set to open with Word. :sad:
kingnothing
New member
Just tried to download avast antivirus and when the download completed it 0kb did the same with avg.