foreverinsane Posted September 19, 2010

Hello, I wrote most of this last night in notepad as I was bound to forget it. Google Chrome is my main web browser but now it isn't loading up. When I click on the icon the PC sounds like it's doing something, then stops as if it was done. I redownloaded the installer and when trying to install, I get this error message: "Unknown installer error". My Chrome shortcut goes to "C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe". When I hover over chrome.exe, it says "file version: 0.0.0.0" which doesn't sound right. Could it be a virus? Firefox loads up fine.

Before (maybe the problem?) I was following a tutorial on how to allow Windows Media Player to show the mini toolbar (http://www.askvg.com/how-to-get-wind...-in-windows-7/). I got to the end, restarted and tried to play music. When clicking on an MP3, WMP11 loaded up but didn't play the songs although it played songs already in the library fine. I started to do windows restore but before I did, WMP11 started to load up again, trying to play the MP3. I closed it and continued. That's where I'm up to now. The PC restarted and Chrome was dead since.

I downloaded TDSSKiller (Kaspersky) and uploaded an image of the result.
My HJT report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:59:29 AM, on 19/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\S3Funkey.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Unterhaltung, Nachrichten, Sport, Jobs, Immobilien und mehr bei MSN AT
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.4:8123
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;http://www.plimus.com;regnow.com;www.regnow.com;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [s3Funkey] S3Funkey.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe -chkautorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (file missing) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7686 bytes

Today: Google Chrome seems to be working today, but unhappy with the fact that it wasn't working yesterday (something had to have been stopping it), I did a Kaspersky Online Scan.
The results look interesting and have been attached (in zip as HTML can't be uploaded here). I appreciate any help, Thank you.

KOS results.zip

Starbuck Posted September 19, 2010

Hi foreverinsane,

I'm not sure why people still rely on posting a Hjt log. It's an outdated idea and doesn't show us anything now. Malware has moved on .... but Hjt has stood still. Let's forget the report and look to something that will give us the info we need.

Step 1

Download TFC by OldTimer to your desktop.

* Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* It will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
* Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
* On the Scanner tab: Make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3

Download OTL to your desktop. If you have problems, try this download link: OTL

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
  http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
* Now copy the lines in the codebox below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

* Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
* Click the Run Scan button.
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
* Do not change any settings unless otherwise told to do so. The scan won't take long.
* When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
* Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

* MBAM scan report
* Both reports from OTL

Thanks.

Member of: UNITE

foreverinsane (Author) Posted September 20, 2010

Thanks for the help. I had done the malware before you posted:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Database version: 4653

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/09/2010 12:45:03 AM
mbam-log-2010-09-20 (00-45-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 305796
Time elapsed: 2 hour(s), 27 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Extras logfile created on: 20/09/2010 01:18:04 AM - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\James\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 84.33 Gb Free Space | 56.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MUWHAHAHA-PC Current User Name: James
Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 
9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 
1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4025244F-7F7C-4AB8-BF9A-F4A017AE6674}" = InkSaver "{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player "{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = 
Microsoft Visual C++ 2005 Redistributable "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{A1E480F4-805E-AE2D-5F83-FC7618F47046}" = Catalyst Control Center InstallProxy "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C536DC8F-FAFC-1656-BCF6-B6BACEF7A975}" = Catalyst Control Center InstallProxy "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE4ABA37-B9A8-42AC-8DD5-EB75C945A1A7}" = W54P 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FD423BBD-8095-D342-F496-59D7C22FD581}" = ATI Catalyst Install Manager "7-Zip" = 7-Zip 4.65 "abgx360" = abgx360 v1.0.2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "AutoGK" = Auto Gordian Knot 2.55 "AVG9Uninstall" = AVG 9.0 "AviSynth" = AviSynth 2.5 "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop "CCleaner" = CCleaner "Chrome9HC" = VIA Chrome9 HC IGP Family Display "Combined Community Codec Pack BETA_is1" = Combined Community Codec Pack BETA 2010-05-21 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Defraggler" = Defraggler "DivX Setup.divx.com" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ImgBurn" = ImgBurn "InstallShield_{4025244F-7F7C-4AB8-BF9A-F4A017AE6674}" = InkSaver "JDownloader" = JDownloader "K-Meleon" = K-Meleon 1.5.4 en-US (remove only) "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MegauploadToolbar" = Megaupload Toolbar "Microsoft .NET Framework 4 Client Profile" = 
Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "PokerStars" = PokerStars "PowerISO" = PowerISO "PSPVC" = PSPVC :: PSP Video Converter v3.91 "SopCast" = SopCast 2.0.4 "uTorrent" = µTorrent "Veetle TV" = Veetle TV 0.9.17 "VIA Chrome9 HC IGP Windows Vista Display" = VIA Display Vista Driver 7.14.10.0055 "VLC media player" = VLC media player 1.1.4 "VobSub" = VobSub v2.23 (Remove Only) "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18/09/2010 10:36:57 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x14fc Faulting application start time: 0x01cb57a387658e01 Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: c54b39e7-c396-11df-b36d-001558941bea Error - 18/09/2010 10:44:35 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x1138 Faulting application start time: 0x01cb57a49795d300 Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting 
module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: d5f9a7d5-c397-11df-b36d-001558941bea Error - 18/09/2010 10:45:13 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x1748 Faulting application start time: 0x01cb57a4af08b44e Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: ecf0c195-c397-11df-b36d-001558941bea Error - 18/09/2010 10:57:28 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0xac0 Faulting application start time: 0x01cb57a651e592ee Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: a2c59764-c399-11df-8bee-001558941bea Error - 18/09/2010 11:05:22 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x1c10 Faulting application start time: 0x01cb57a77f40e907 Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: 
C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: bdabe1fd-c39a-11df-8bee-001558941bea Error - 18/09/2010 11:11:54 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x7f8 Faulting application start time: 0x01cb57a8686518dd Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: a7555ee3-c39b-11df-8bee-001558941bea Error - 18/09/2010 11:12:50 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x1890 Faulting application start time: 0x01cb57a88a531625 Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: c842478d-c39b-11df-8bee-001558941bea Error - 18/09/2010 11:20:20 PM | Computer Name = Muwhahaha-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp: 0x4c802ab2 Faulting module name: chrome.dll, version: 6.0.472.55, time stamp: 0x4c802a7a Exception code: 0x80000003 Fault offset: 0x000c958a Faulting process id: 0x16b4 Faulting application start time: 0x01cb57a995cb6600 Faulting application path: C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: 
C:\Users\James\AppData\Local\Google\Chrome\Application\6.0.472.55\chrome.dll Report Id: d4f00a4c-c39c-11df-8bee-001558941bea Error - 19/09/2010 04:05:13 AM | Computer Name = Muwhahaha-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 19/09/2010 09:16:56 AM | Computer Name = Muwhahaha-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533 Description = Windows cannot delete the profile directory C:\Users\Michelle. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty. [ Media Center Events ] Error - 09/04/2010 12:56:46 PM | Computer Name = Muwhahaha-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 09/04/2010 02:42:50 PM | Computer Name = Muwhahaha-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 15/05/2010 01:47:10 AM | Computer Name = Muwhahaha-PC | Source = MCUpdate | ID = 0 Description = 06:47:10 - Error connecting to the internet. 06:47:10 - Unable to contact server.. Error - 15/05/2010 01:47:27 AM | Computer Name = Muwhahaha-PC | Source = MCUpdate | ID = 0 Description = 06:47:15 - Error connecting to the internet. 06:47:15 - Unable to contact server.. Error - 07/06/2010 01:50:06 AM | Computer Name = Muwhahaha-PC | Source = MCUpdate | ID = 0 Description = 06:49:35 - Failed to retrieve Broadband (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 02/09/2010 02:15:01 AM | Computer Name = Muwhahaha-PC | Source = MCUpdate | ID = 0 Description = 07:15:01 - Error connecting to the internet. 
07:15:01 - Unable to contact server.. Error - 02/09/2010 02:15:39 AM | Computer Name = Muwhahaha-PC | Source = MCUpdate | ID = 0 Description = 07:15:33 - Error connecting to the internet. 07:15:33 - Unable to contact server.. [ System Events ] Error - 19/09/2010 07:50:06 AM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect. Error - 19/09/2010 07:50:06 AM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7000 Description = The lxdxCATSCustConnectService service failed to start due to the following error: %%1053 Error - 19/09/2010 07:51:40 AM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 19/09/2010 03:47:51 PM | Computer Name = Muwhahaha-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2347290). Error - 19/09/2010 03:49:41 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect. Error - 19/09/2010 03:49:41 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7000 Description = The lxdxCATSCustConnectService service failed to start due to the following error: %%1053 Error - 19/09/2010 03:51:14 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. Error - 19/09/2010 08:06:24 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect. 
Error - 19/09/2010 08:06:24 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7000 Description = The lxdxCATSCustConnectService service failed to start due to the following error: %%1053 Error - 19/09/2010 08:07:55 PM | Computer Name = Muwhahaha-PC | Source = Service Control Manager | ID = 7022 Description = The KService service hung on starting. < End of report >
foreverinsane Posted September 20, 2010 (edited)

OTL logfile created on: 20/09/2010 01:18:04 AM - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Users\James\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148.95 Gb Total Space | 84.33 Gb Free Space | 56.61% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MUWHAHAHA-PC Current User Name: James Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\James\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) PRC - C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe () PRC - C:\Windows\System32\S3Funkey.exe (S3 Graphics Co., Ltd.) PRC - C:\Windows\System32\lxdxcoms.exe ( ) ========== Modules (SafeList) ========== MOD - C:\Users\James\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (lxdxCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe () SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) 
SRV - (lxdx_device) -- C:\Windows\System32\lxdxcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (FXDrv32) -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys File not found DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSErHrw7x) -- C:\Windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology, Corp.) 
DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows ® Win 7 DDK provider) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) 
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys 
(Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.) DRV - (PORTIO) -- C:\Users\James\X360\Jungleflasher\JungleFlasher v0.1.73 Beta (108)\portio32.sys () DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) 
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Free Online News, Sport, Music, Movies, Money, Cars and Windows Live from MSN UK IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 78 DE 4F 62 E9 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;http://www.plimus.com;regnow.com;www.regnow.com;*.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.4:8123 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - 
prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1 FF - prefs.js..extensions.enabledItems: {991A772A-BA13-4c1d-A9EF-F897F31DEC7D}:3.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5 FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/03/26 19:10:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/06 11:07:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010/08/22 13:06:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010/06/22 13:33:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 02:41:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 13:06:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2010/03/10 23:52:01 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions [2010/03/10 23:52:01 | 000,000,000 | ---D | M] -- 
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\dlr219u2.default\extensions [2010/09/19 03:58:28 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions [2010/06/30 14:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010/06/18 11:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} [2010/09/19 03:19:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/06/30 14:33:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/09/19 03:58:19 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\autofillForms@blueimp.net [2010/08/16 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\t1a8gwx1.default\extensions\refspoof@mozdev.org [2010/09/19 03:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/08/12 01:53:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/08/12 01:52:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/07/02 11:02:44 | 000,002,874 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 Registration O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 ads.nlop.com O1 - Hosts: 127.0.0.1 advertising.com O1 - Hosts: 127.0.0.1 apmebf.com O1 - Hosts: 127.0.0.1 bluestreak.com O1 - Hosts: 15 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD ) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [inkSaver] C:\Program Files\InkSaver\InkSaver.exe (Strydent Software, Inc.) O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe () O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [s3Funkey] C:\Windows\System32\S3Funkey.exe (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [s3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tenda W54P.lnk - C:\Program Files\Tenda\W54P\UI.exe - () MsConfig - StartUpFolder: C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe - () MsConfig - StartUpFolder: C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe File not found MsConfig - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program 
Files\ATI\ATICustomerCare\ATICustomerCare.exe File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2010/09/20 01:13:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe [2010/09/20 00:50:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\TFC.exe [2010/09/19 21:15:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup-1.46.exe [2010/09/19 13:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2010/09/19 13:49:53 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SystemRequirementsLab [2010/09/19 03:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/09/19 03:42:56 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe [2010/09/13 11:59:23 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\LRC [2010/09/12 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity [2010/09/12 17:29:19 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Audacity [2010/09/12 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode) [2010/09/08 17:26:22 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Brandon Flowers [2010/09/02 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\vlc [2010/09/01 08:35:57 | 002,146,000 | ---- | C] (AVG Technologies) -- C:\Users\James\Desktop\avg_avw_stb_all_9_117.exe [2010/08/29 23:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9 [2010/08/29 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\GameHouse [2010/08/29 23:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\GameHouse [2010/08/29 15:13:53 | 000,000,000 | ---D | C] -- 
C:\Users\James\eee [2010/08/28 23:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema [2010/08/27 15:14:59 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Nero [2010/08/27 00:17:43 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Nero [2010/08/27 00:11:46 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\NeroVision [2010/08/27 00:09:47 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Nero [2010/08/26 23:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010/08/26 23:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero [2010/08/26 23:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nero [2010/08/26 23:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe [2010/08/25 18:20:37 | 000,000,000 | ---D | C] -- C:\Users\James\Complaints [2010/08/25 01:36:18 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Bryan Danielson [2010/08/23 00:46:16 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\The Final Frontier [2010/08/22 14:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle [2010/08/10 15:43:47 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll [2010/08/10 15:43:46 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll [2010/08/10 15:43:46 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll [2010/08/10 15:43:46 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll [2010/08/10 15:43:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll [2010/08/10 15:43:46 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll [2010/08/10 15:43:45 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll [2010/08/10 15:43:45 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll [2010/08/10 15:43:44 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll [2010/08/10 15:43:43 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll [2010/08/10 15:43:43 | 000,376,832 | ---- | 
C] ( ) -- C:\Windows\System32\lxdxcomm.dll [2009/10/16 15:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll ========== Files - Modified Within 30 Days ========== [2010/09/20 01:18:11 | 003,407,872 | -HS- | M] () -- C:\Users\James\ntuser.dat [2010/09/20 01:13:46 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe [2010/09/20 01:11:40 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/09/20 01:11:40 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/09/20 01:08:33 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/09/20 01:06:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/09/20 01:05:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/09/20 01:05:47 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys [2010/09/20 01:04:35 | 007,316,677 | -H-- | M] () -- C:\Users\James\AppData\Local\IconCache.db [2010/09/20 01:04:11 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697917847-396951455-3782274156-1000UA.job [2010/09/20 00:50:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\TFC.exe [2010/09/20 00:46:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/09/19 22:15:34 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/19 21:16:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\James\Desktop\mbam-setup-1.46.exe [2010/09/19 21:02:52 | 064,994,498 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/09/19 20:18:57 | 000,001,279 | ---- | M] () -- C:\Users\James\Desktop\KOS results.zip [2010/09/19 20:08:37 | 000,003,595 | ---- | M] () -- C:\Users\James\Desktop\KOS results.html [2010/09/19 04:14:09 | 000,080,849 | ---- | M] () -- 
C:\Users\James\Desktop\Untitled.png [2010/09/19 03:52:19 | 000,002,963 | ---- | M] () -- C:\Users\James\Desktop\HiJackThis.lnk [2010/09/19 03:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TMContainer00000000000000000002.regtrans-ms [2010/09/19 03:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TMContainer00000000000000000001.regtrans-ms [2010/09/19 03:25:04 | 000,065,536 | -HS- | M] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TM.blf [2010/09/19 02:36:13 | 734,115,840 | ---- | M] () -- C:\Users\James\Desktop\the.apprentice.s10e01.hdtv.xvid-bajskorv.avi [2010/09/19 02:11:05 | 000,000,036 | ---- | M] () -- C:\Users\James\Desktop\Saboteur.dvd [2010/09/18 17:32:40 | 000,160,648 | ---- | M] () -- C:\Users\James\Desktop\SkillstrainReject.jpg [2010/09/17 18:22:43 | 000,040,201 | -H-- | M] () -- C:\Users\James\Desktop\mvstcdxx.lst [2010/09/17 17:59:24 | 000,029,995 | -HS- | M] () -- C:\Users\James\Desktop\Folder.jpg [2010/09/17 17:59:24 | 000,007,459 | -HS- | M] () -- C:\Users\James\Desktop\AlbumArtSmall.jpg [2010/09/17 17:57:21 | 000,010,350 | -HS- | M] () -- C:\Users\James\Desktop\AlbumArt_{6EC985A0-492F-4E86-A0C1-28C417C175D3}_Large.jpg [2010/09/17 17:57:21 | 000,002,570 | -HS- | M] () -- C:\Users\James\Desktop\AlbumArt_{6EC985A0-492F-4E86-A0C1-28C417C175D3}_Small.jpg [2010/09/17 17:55:31 | 000,037,041 | -HS- | M] () -- C:\Users\James\Desktop\AlbumArt_{A89D4A86-63B8-4C0C-AF07-9BFC72B33F10}_Large.jpg [2010/09/17 17:55:31 | 000,008,238 | -HS- | M] () -- C:\Users\James\Desktop\AlbumArt_{A89D4A86-63B8-4C0C-AF07-9BFC72B33F10}_Small.jpg [2010/09/15 07:25:19 | 198,123,790 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/09/15 02:04:01 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697917847-396951455-3782274156-1000Core.job [2010/09/14 08:59:33 | 000,620,398 | ---- | M] () -- 
C:\Windows\System32\drivers\Avg\iavifw.avm [2010/09/13 13:35:46 | 000,747,854 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/09/13 13:35:46 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/09/13 13:35:46 | 000,118,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/09/12 17:29:10 | 000,001,012 | ---- | M] () -- C:\Users\James\Desktop\Audacity 1.3 Beta (Unicode).lnk [2010/09/10 11:50:02 | 000,037,888 | ---- | M] () -- C:\Users\James\James CV.doc [2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\James\Desktop\TDSSKiller.exe [2010/09/04 22:33:01 | 733,497,854 | ---- | M] () -- C:\Users\James\Desktop\Tooth Fairy 2.avi [2010/09/04 12:56:57 | 733,003,776 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 1.avi [2010/09/04 12:56:46 | 734,132,224 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 2.avi [2010/09/04 12:55:28 | 733,956,096 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 5.avi [2010/09/04 03:39:00 | 733,782,016 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 4.avi [2010/09/04 03:22:53 | 733,372,416 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 6.avi [2010/09/04 03:22:38 | 733,503,488 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 3.avi [2010/09/04 03:20:13 | 733,122,560 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 7.avi [2010/09/04 03:19:04 | 733,794,304 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 8.avi [2010/09/04 03:17:11 | 733,839,360 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 9.avi [2010/09/04 03:15:51 | 733,597,696 | ---- | M] () -- C:\Users\James\Desktop\Band of Brothers 10.avi [2010/09/01 16:56:21 | 000,000,018 | ---- | M] () -- C:\freemem.vbe [2010/09/01 08:36:03 | 002,146,000 | ---- | M] (AVG Technologies) -- C:\Users\James\Desktop\avg_avw_stb_all_9_117.exe [2010/08/29 15:13:42 | 008,288,706 | ---- | M] () -- C:\Users\James\Desktop\ipdl.exe [2010/08/27 21:11:25 | 000,000,069 | 
---- | M] () -- C:\Windows\NeroDigital.ini [2010/08/21 22:50:29 | 000,002,118 | ---- | M] () -- C:\Users\James\.recently-used.xbel [2010/08/21 22:13:13 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo ========== Files Created - No Company Name ========== [2010/09/19 22:15:34 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/09/19 20:18:57 | 000,001,279 | ---- | C] () -- C:\Users\James\Desktop\KOS results.zip [2010/09/19 20:08:37 | 000,003,595 | ---- | C] () -- C:\Users\James\Desktop\KOS results.html [2010/09/19 04:14:08 | 000,080,849 | ---- | C] () -- C:\Users\James\Desktop\Untitled.png [2010/09/19 03:52:19 | 000,002,963 | ---- | C] () -- C:\Users\James\Desktop\HiJackThis.lnk [2010/09/19 03:21:36 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TMContainer00000000000000000002.regtrans-ms [2010/09/19 03:21:35 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TMContainer00000000000000000001.regtrans-ms [2010/09/19 03:21:35 | 000,065,536 | -HS- | C] () -- C:\Users\James\ntuser.dat{c1ee1566-c391-11df-9bc4-001558941bea}.TM.blf [2010/09/19 02:27:47 | 000,000,034 | ---- | C] () -- C:\Users\James\Desktop\c-skate3.dvd [2010/09/19 02:10:54 | 3543,728,127 | ---- | C] () -- C:\Users\James\Desktop\c-skate3.iso [2010/09/19 01:18:22 | 734,115,840 | ---- | C] () -- C:\Users\James\Desktop\the.apprentice.s10e01.hdtv.xvid-bajskorv.avi [2010/09/18 21:44:23 | 000,000,036 | ---- | C] () -- C:\Users\James\Desktop\Saboteur.dvd [2010/09/18 21:28:17 | 3543,728,127 | ---- | C] () -- C:\Users\James\Desktop\Saboteur.iso [2010/09/18 17:32:40 | 000,160,648 | ---- | C] () -- C:\Users\James\Desktop\SkillstrainReject.jpg [2010/09/17 18:22:43 | 000,040,201 | -H-- | C] () -- C:\Users\James\Desktop\mvstcdxx.lst [2010/09/17 17:57:22 | 000,010,350 | -HS- | C] () -- C:\Users\James\Desktop\AlbumArt_{6EC985A0-492F-4E86-A0C1-28C417C175D3}_Large.jpg 
[2010/09/17 17:57:22 | 000,002,570 | -HS- | C] () -- C:\Users\James\Desktop\AlbumArt_{6EC985A0-492F-4E86-A0C1-28C417C175D3}_Small.jpg [2010/09/17 17:55:31 | 000,037,041 | -HS- | C] () -- C:\Users\James\Desktop\AlbumArt_{A89D4A86-63B8-4C0C-AF07-9BFC72B33F10}_Large.jpg [2010/09/17 17:55:31 | 000,008,238 | -HS- | C] () -- C:\Users\James\Desktop\AlbumArt_{A89D4A86-63B8-4C0C-AF07-9BFC72B33F10}_Small.jpg [2010/09/12 17:29:10 | 000,001,012 | ---- | C] () -- C:\Users\James\Desktop\Audacity 1.3 Beta (Unicode).lnk [2010/09/04 22:14:52 | 733,497,854 | ---- | C] () -- C:\Users\James\Desktop\Tooth Fairy 2.avi [2010/09/03 20:02:00 | 733,956,096 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 5.avi [2010/09/03 19:45:00 | 733,503,488 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 3.avi [2010/09/03 19:33:00 | 733,782,016 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 4.avi [2010/09/03 14:22:39 | 198,123,790 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/09/03 00:21:42 | 733,839,360 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 9.avi [2010/09/03 00:21:42 | 733,794,304 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 8.avi [2010/09/03 00:20:10 | 733,597,696 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 10.avi [2010/09/03 00:20:10 | 733,122,560 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 7.avi [2010/09/03 00:19:10 | 734,132,224 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 2.avi [2010/09/03 00:18:10 | 733,003,776 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 1.avi [2010/09/03 00:13:02 | 733,372,416 | ---- | C] () -- C:\Users\James\Desktop\Band of Brothers 6.avi [2010/09/01 16:56:20 | 000,000,018 | ---- | C] () -- C:\freemem.vbe [2010/08/29 15:13:13 | 008,288,706 | ---- | C] () -- C:\Users\James\Desktop\ipdl.exe [2010/08/27 00:14:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/08/21 22:50:29 | 000,002,118 | ---- | C] () -- C:\Users\James\.recently-used.xbel 
[2010/08/20 20:00:31 | 000,000,022 | ---- | C] () -- C:\Windows\pspvc_path.ini [2010/08/10 16:20:03 | 000,000,614 | ---- | C] () -- C:\ProgramData\lxdxDiagnostics.log [2010/08/10 16:19:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt [2010/08/10 15:48:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll [2010/08/10 15:47:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll [2010/08/10 15:44:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini [2010/08/10 15:43:47 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll [2010/08/10 15:33:36 | 000,000,084 | ---- | C] () -- C:\Windows\WinInit.Ini [2010/08/10 11:45:07 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll [2010/08/10 11:45:07 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll [2010/08/10 02:51:39 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll [2010/08/09 11:36:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll [2010/08/09 11:36:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL [2010/08/08 23:13:45 | 000,000,551 | ---- | C] () -- C:\Users\James\AppData\Roaming\AutoGK.ini [2010/06/28 12:54:12 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010/06/08 01:08:52 | 000,406,910 | ---- | C] () -- C:\Users\James\AppData\Local\blinkboxDesktopInstall.log [2010/05/04 01:29:55 | 000,000,036 | ---- | C] () -- C:\Users\James\AppData\Local\housecall.guid.cache [2010/04/26 00:16:29 | 000,008,056 | ---- | C] () -- C:\Users\James\AppData\Roaming\com.koingosw.AlarmClockPro9.xml [2010/04/23 17:26:11 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2010/04/03 17:12:15 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/03/30 17:39:49 | 000,007,605 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg [2010/03/28 02:34:54 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010/03/24 14:21:59 | 000,000,093 | ---- | C] () -- 
C:\Users\James\AppData\Local\fusioncache.dat [2010/03/16 14:13:40 | 000,000,025 | ---- | C] () -- C:\Users\James\AppData\Roaming\bdfvconp.ini [2010/02/03 06:02:48 | 000,453,024 | ---- | C] () -- C:\Program Files\setup.exe [2010/02/03 06:02:22 | 128,342,575 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2010/02/03 06:01:10 | 010,175,488 | ---- | C] () -- C:\Program Files\openofficeorg32.msi [2010/02/01 23:16:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008/07/26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010/08/30 17:36:48 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\abgx360 [2010/06/03 03:52:14 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Amazon [2010/09/12 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Audacity [2010/04/14 21:52:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\AVG9 [2010/04/19 22:39:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/03/12 02:47:16 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\BitDefender [2010/03/28 16:17:51 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\DAEMON Tools 
Lite [2010/04/21 01:40:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Datel [2010/04/15 17:18:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\EA [2010/08/16 04:26:47 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\FontCreator [2010/08/29 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\GameHouse [2010/04/25 00:52:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\GlobalSCAPE [2010/08/21 22:50:29 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0 [2010/03/28 22:27:10 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\ImgBurn [2010/03/28 05:47:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\K-Meleon [2010/03/11 04:19:52 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Leadertech [2010/08/10 16:19:08 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Lexmark Productivity Studio [2010/03/11 16:58:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Megaupload [2010/06/18 11:18:07 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\MegauploadToolbar [2010/05/19 19:05:44 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Microgaming [2010/03/16 01:39:51 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\OpenOffice.org [2010/09/05 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\QuickScan [2010/09/19 13:49:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\SystemRequirementsLab [2010/08/06 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Thinstall [2010/09/19 03:19:05 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\uTorrent [2010/04/05 19:40:06 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job [2010/04/05 19:40:06 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2010/04/05 19:40:06 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job [2010/04/05 19:40:06 | 
000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2010/08/18 12:33:27 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < etsvcs > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/28 02:34:54 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

========== Alternate Data Streams ==========
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:436DEE1E
< End of report >

Thanks again :p

Edited September 20, 2010 by Starbuck
foreverinsane (Author) Posted September 20, 2010

Hey, just got on and found that both "Hide extensions for known file types" and "Hide protected operating system files (Recommended)" were unchecked and "Show hidden files, folders and drives" was selected. (I realised as there was stuff on my desktop that I have very limited knowledge about; all I know is they are operating system files, or think so anyway: desktop.ini & mvstcdxx.lst.) Thanks.
Starbuck Posted September 20, 2010

Hi foreverinsane,

just got on and found that both "Hide extensions for known file types" and "Hide protected operating system files (Recommended)" were unchecked and "Show hidden files, folders and drives" was selected. (I realised as there was stuff on my desktop that I have very limited knowledge about; all I know is they are operating system files, or think so anyway: desktop.ini & mvstcdxx.lst.)

This could have been altered by OTL. It unhides files etc. so that it can create a better report.

You seem to like to download films from the internet?

P2P Warning

Please note that as long as you're using any form of Peer-to-Peer networking (Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer.

Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you. Step 1 Double click on OTL.exe to run it. Copy the lines in the codebox below. (make sure that :Otl is on the first line ) :oTL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. @Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:436DEE1E :commands [emptytemp] [purity] [RESETHOSTS] [EMPTYFLASH] Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste. http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png Click the red Run Fix button. http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply. if you lose the report, there will be a copy here: C:\_OTL\MovedFiles Step 2 Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif This is an example, you may rename ComboFix to anything you want. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. 
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs Then: Double click on Combo-Fix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista or Win 7, you may not see this screen Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. http://img.photobucket.com/albums/v708/starbuck50/cf1.png Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: http://img.photobucket.com/albums/v706/ried7/whatnext.png Click on Yes, to continue scanning for malware. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. In your next reply, please submit: Otl fix report Combofix.txt Thanks. Quote Member of:UNITE
foreverinsane (Author) Posted September 20, 2010

Yes I do download some TV, but not very much. Very rarely though (only because I don't want to pay lots for something which I'm only going to use for 30 minutes). Anyway, here are the reports:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
    ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
    ADS C:\ProgramData\Temp:436DEE1E deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jackie
    ->Temp folder emptied: 19711 bytes
    ->Temporary Internet Files folder emptied: 60283165 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 58500 bytes

    User: James
    ->Temp folder emptied: 8334 bytes
    ->Temporary Internet Files folder emptied: 3590267 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 223749331 bytes
    ->Flash cache emptied: 56058 bytes

    User: Mcx1-MUWHAHAHA-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Michelle

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 318220 bytes
    RecycleBin emptied: 18338573 bytes

    Total Files Cleaned = 292.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jackie
    ->Flash cache emptied: 0 bytes

    User: James
    ->Flash cache emptied: 0 bytes

    User: Mcx1-MUWHAHAHA-PC
    ->Flash cache emptied: 0 bytes

    User: Michelle

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    OTL by OldTimer - Version 3.2.14.0 log created on 09202010_230644

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
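Added example, not part of the thread and not OTL's own code: a small Python cross-check of the fix script Starbuck posted against the fix log posted in reply, flagging any requested item the log never reports and any line left pending for reboot. The log phrasings it matches are inferred only from the lines in this thread, and the function names are hypothetical.

```python
import re

# Item lines of the fix script from the thread (line breaks restored).
FIX_SCRIPT = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:436DEE1E
"""

# Matching lines of the fix log from the thread (line breaks restored).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\Temp:436DEE1E deleted successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def script_targets(script):
    """Identifiers the script asks to remove: CLSIDs and path:stream names."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        # Skip blanks, section directives (":...") and commands ("[...]").
        if not line or line.startswith((":", "[")):
            continue
        ads = ADS_RE.match(line)
        if ads:
            targets.append(ads.group(1).strip())
            continue
        guid = GUID_RE.search(line)
        if guid:
            targets.append(guid.group(0))
    return targets


def classify(log_line):
    """Map one log line to removed / absent / pending, or None if neither."""
    low = log_line.lower()
    if "failed" in low or "scheduled to be moved on reboot" in low:
        return "pending"
    if "deleted successfully" in low or "moved successfully" in low:
        return "removed"
    if "not found" in low:
        return "absent"
    return None


def audit(script, log):
    """Outcome per script target; 'unreported' means the log never names it."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    results = {}
    for target in script_targets(script):
        seen = {classify(l) for l in log_lines if target.lower() in l.lower()}
        seen.discard(None)
        if not seen:
            results[target] = "unreported"
        elif "pending" in seen:
            results[target] = "pending"
        elif "removed" in seen:
            results[target] = "removed"
        else:
            results[target] = "absent"
    return results


def follow_up(log):
    """Log lines that still need checking after the reboot."""
    return [l.strip() for l in log.splitlines() if classify(l) == "pending"]


if __name__ == "__main__":
    for target, outcome in audit(FIX_SCRIPT, FIX_LOG).items():
        print(f"{outcome:10} {target}")
    for line in follow_up(FIX_LOG):
        print("check after reboot:", line)
```

An "unreported" or "pending" result is the cue to ask for a fresh scan log before moving on to the next tool.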
Starbuck Posted September 20, 2010

Hi foreverinsane,

How is your system running now? Still having problems?
Starbuck Posted September 21, 2010

As my PM explained, I'll be away until this weekend. But I'd like to get an online scan done..... there's not a lot of malware showing in the reports, hopefully an online scan will help to rule out a malware problem.

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Thanks
foreverinsane (Author) Posted September 22, 2010

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=bf0b971958457e479ac7bcc28041b588
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-09-21 09:52:38
    # local_time=2010-09-21 10:52:38 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 235620 235620 0 0
    # compatibility_mode=1029 16777213 100 100 1557 13155256 0 0
    # compatibility_mode=5893 16776574 100 94 14943018 37566748 0 0
    # compatibility_mode=8192 67108863 100 0 163 163 0 0
    # scanned=137573
    # found=1
    # cleaned=1
    # scan_time=5601
    C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll Win32/Toolbar.MegaUpload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Starbuck Posted September 26, 2010

Hi foreverinsane,

Thanks for being patient. The item that Eset removed wasn't anything major.

How are things running now?
foreverinsane (Author) Posted September 26, 2010

Hey,

How was your trip?

Yeah, it's running fine now, nothing suspicious happening. Thank you. ;)

The thing Eset removed was safe, but I've uninstalled the whole thing anyway, it was useless.
Starbuck Posted September 28, 2010

Hi foreverinsane,

> How was your trip?

It went well thanks. Didn't realise how expensive Switzerland was though .... I'm glad I was working and not holidaying. :)

> its running fine now, nothing suspicious happening. Thank you

That's good to hear. Let's finish off then.

Step 1

Please double-click OTL.exe to run it. You should see a CleanUp! button, press that button.

http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png

This will remove any programs we have asked you to download along with their associated folders, plus itself.

Note: MBAM will not be removed.

Step 2

Now you should set a New Restore Point to prevent possible reinfection from an old one.

Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

- Click on Start... Control Panel... System and Maintenance... System
- Click on System Protection in the left-hand task list.
- Uncheck the checkboxes next to each hard drive listed under the "Create restore points automatically on the selected disks:" section.
- When you uncheck a disk you will be presented with a screen. You should click on the Turn System Protection Off button.
- Click Apply and then OK.
- Reboot your computer.

Now:

- Click on Start... Control Panel... System and Maintenance... System
- Click on System Protection in the left-hand task list.
- Put a checkmark in the checkboxes next to each hard drive listed under the "Create restore points automatically on the selected disks:" section.
- Click Apply and then OK.

Your System Restore will now be active again, starting with a new restore point.

To find out how you may have been infected, read this topic: So how did I get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
  - Avira AntiVir ... installation guide Here
  - Avast free
  - Bitdefender Free
  - MS Security Essentials ... see note* ... installation guide Here

  Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.

  Only install one AntiVirus program.

- Update your AntiVirus Software regularly

- Use a 3rd party Firewall
  - Online Armor Free
  - ZoneAlarm ... Important note below
  - Outpost Firewall Free
  - Sunbelt Personal Firewall

  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

  Only install one software Firewall.

  Some 3rd party Firewalls will turn off the Windows Firewall when they are installed. It's always best to check that the Windows Firewall is turned off.

  How to turn off Windows Firewall: Start ... Control Panel ... click on 'Classic View', now select Windows Firewall. When the Windows Firewall box opens, put a tick against "Off (not recommended)" and then click Ok.

- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  - Malwarebytes Anti-Malware
  - SUPERAntiSpyware

  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.

- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
  - Firefox
    For added security, add the NoScript extension to this browser: allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
    Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  - Opera

  They offer better security, more stability, and better speed.

- Keep a backup of your registry
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
  A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your:
  - Windows temp files
  - Current user temp files
  - Cookies
  - Temporary Internet files
  - Browser history
  - Recycle bin
  - Etc.

  In other words, all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC. Programs like:
  - CCleaner
  - TFC by OldTimer
  - ATF Cleaner

- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster

- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help. Safe surfing.

Member of: UNITE
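A check for Step 2 above, as an added example that is not part of the original post: after the disable/reboot/re-enable cycle, this Windows PowerShell script lists any restore points that still predate the cleanup and creates a fresh baseline if none exists yet. The `$CleanedAt` value and the restore point description are constructed placeholders; run it from an elevated prompt.

```powershell
# Added example: confirm that no restore point predates the malware cleanup.
# Assumption: $CleanedAt is when the cleanup finished. Constructed value, replace it.
$CleanedAt = Get-Date '2010-09-28 00:00'

# Get-ComputerRestorePoint returns CreationTime as a WMI date string,
# so convert it to a DateTime before comparing.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    New-Object PSObject -Property @{
        Sequence    = $_.SequenceNumber
        Description = $_.Description
        Created     = $_.ConvertToDateTime($_.CreationTime)
    }
})

# Restore points taken before the cleanup may still hold infected files.
$stale = @($points | Where-Object { $_.Created -lt $CleanedAt })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) restore point(s) predate the cleanup. Repeat Step 2."
    $stale | Sort-Object Created |
        Format-Table Sequence, Created, Description -AutoSize
} else {
    Write-Output 'No restore points predate the cleanup.'
}

# Make sure at least one clean restore point exists to roll back to.
# Checkpoint-Computer fails if System Protection is still turned off.
$fresh = @($points | Where-Object { $_.Created -ge $CleanedAt })
if ($fresh.Count -eq 0) {
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
        -RestorePointType MODIFY_SETTINGS
    Write-Output 'Created a new restore point.'
} else {
    Write-Output "$($fresh.Count) restore point(s) exist from after the cleanup."
}
```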