Crossrider.exe

Post by Ben2289 on Fri Oct 28, 2011 10:15 am

I'd really appreciate any advice you might be able to offer. My laptop was running fine and then froze mid-use. It was unresponsive, so I was forced to turn it off at the power. Since then it's been running slower and occasionally freezes when I try to access files/programmes from the Start Menu. Every time I've booted it since it crashes. I attempted two system restores, and they've not changed anything. I ran a Malwarebytes scan and it returned nothing. However when it does boot, AVG reports that "Crossrider.exe" as well as some hkey registry files are threats. For some reason that hasn't popped up now. I'm not even sure this is a Malware problem, but have followed the necessary steps.

Re: Crossrider.exe

Post by Ben2289 on Fri Oct 28, 2011 10:15 am

OTL logfile created on: 28/10/2011 13:39:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.85% Memory free
6.13 Gb Paging File | 4.54 Gb Available in Paging File | 74.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 95.53 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 186.30 Gb Total Space | 181.18 Gb Free Space | 97.25% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 13:38:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.com
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] () -- C:\Program Files\CROSSRIDERWEBAPPS\Crossrider.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/08/19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 09:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 14:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 16:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 16:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 16:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 16:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 16:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] () -- C:\Program Files\CROSSRIDERWEBAPPS\Crossrider.exe
MOD - [2011/03/21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/15 23:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/13 21:22:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/05 15:37:38 | 001,766,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/12/24 09:39:44 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008/11/03 08:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/07/24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/11/02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/13 21:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/07/09 14:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 19:15:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 09:44:44 | 000,000,000 | ---D | M]

[2010/07/05 13:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2011/09/29 03:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\bd3ckc2r.default\extensions
[2010/07/07 21:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\bd3ckc2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/01 13:57:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\bd3ckc2r.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/10/10 19:15:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 20:57:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/07 21:10:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 11:13:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 18:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/10 20:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/03 20:05:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/13 21:32:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD3CKC2R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BD3CKC2R.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/11 17:52:02 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ben\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.12_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Facebook = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1_0\
CHR - Extension: Tumblr Sidebr = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\edimojgejcmdanhinedfojglhhpfebdn\1.0_1\
CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Eye Dropper = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.5.1_0\
CHR - Extension: AVG Safe Search = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.12.21_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: StumbleUpon = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\3.10.11.1_0\
CHR - Extension: Illimitux = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
CHR - Extension: The Independent = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdonfjaemnemdnnpebbcelibeocdmkai\1.6.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.6_0\
CHR - Extension: Google Mail Checker = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Facebook Notifications = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.22_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.7_0\
CHR - Extension: Tumblr Sidebr = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\onpcohaloldmmjgecbekkcjajmacicja\2.0_0\
CHR - Extension: Late Night = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CROSSRIDERWEBAPPS\Crossrider.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CROSSRIDERWEBAPPS\Crossrider.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [You must be registered and logged in to see this link.] (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBEB7CF1-C960-4698-A59B-2F1111BC7898}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ben\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ben\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe - (Totem Entertainment)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7ED7F119-4485-CF6D-06BE-886967EE7B7F} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 13:38:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.com
[2011/10/27 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9545EF45-4606-46EA-8748-719AE073802A}
[2011/10/27 16:47:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{244A7624-8FDB-4EB0-BC26-AA6B9208F1A3}
[2011/10/25 22:28:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{0F6F210A-165A-40E5-BD80-F79BA629F89E}
[2011/10/25 22:28:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{75554C6F-84FC-4A1B-8FF0-2174A175779A}
[2011/10/25 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{627148C3-24FC-4C56-8856-A0D937C78BF1}
[2011/10/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F9A62DFB-769D-46AD-AFAB-31DBDB0ABD8C}
[2011/10/23 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F6686DA9-D510-4A3A-B0C0-F420C9B2F311}
[2011/10/23 21:27:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A0F614B4-A8F3-4566-AB01-994B2DD81C47}
[2011/10/22 15:05:04 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8F6BB0C2-99C7-4BB0-9724-6E4EA9A87146}
[2011/10/22 15:04:54 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D5797C15-E4BD-4B16-965B-A409DE6E688F}
[2011/10/21 19:36:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CFCEA805-96A9-4B6E-A537-55AC740B30FA}
[2011/10/21 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{105BD41A-ACF9-4C01-82C9-96F532BD838E}
[2011/10/20 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1860A940-32D9-481D-9A7F-E457189F6CDD}
[2011/10/20 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{AFFDFC91-3993-4479-903E-07F26D2ECED2}
[2011/10/19 22:13:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{87C78A9E-C305-4B3F-85E7-BDFC8764D364}
[2011/10/19 22:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{63AAED08-32B1-4C84-AD4E-A7AE5AB09BA3}
[2011/10/18 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CF026885-94FF-4922-A43A-219E990CE281}
[2011/10/18 19:57:40 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C7B713FC-0073-4C24-8CAD-8BF737BC35CB}
[2011/10/17 21:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{9C0C9940-7276-4F4E-ABDE-B081124248DF}
[2011/10/17 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8952387D-4901-460D-BB19-F820DA7431DB}
[2011/10/16 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{5407B2B2-1776-49A7-9712-ED98B33F25F5}
[2011/10/16 21:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B1078D43-D9FD-4943-AE26-23F99F07F56E}
[2011/10/16 01:35:13 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8D008384-C919-47ED-BD40-CB7A69994B79}
[2011/10/16 01:35:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{0446D2F8-1045-4005-88D9-BE9BB4FE3A42}
[2011/10/15 13:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{311FDA74-AF72-4599-A28A-550C260BDAFE}
[2011/10/15 13:34:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{84CD1275-2B63-4AC8-B545-1BABD8159F75}
[2011/10/14 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4871EDBA-7189-4C42-8F37-13313757A1C0}
[2011/10/14 18:53:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{AA1392EC-EF02-47F2-A015-130DA3A7BFC2}
[2011/10/13 21:26:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3AFB9E75-83AA-4903-A184-49FAF1542693}
[2011/10/13 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C48502AA-0855-48A4-AED6-3098974D085A}
[2011/10/12 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3A0E6CF3-C260-4F3D-AB8C-D94DDA9698CD}
[2011/10/12 19:25:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D9C86171-FF4D-4231-A896-C689443F06D9}
[2011/10/11 19:11:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{5DEC4AC7-A93D-4F9F-9E0E-B91317013319}
[2011/10/11 19:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3CEB0B02-343D-42A4-9154-0CEFB97B9ECB}
[2011/10/10 20:11:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B520DC57-4B9A-4A0E-9780-2FDE3D58149B}
[2011/10/10 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DE70AAAC-CFB4-45E1-940E-3BFFEF62DC6F}
[2011/10/10 01:11:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D0895A43-F70A-489E-B4F2-199F1CFE2A98}
[2011/10/10 01:11:35 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A6BFA210-4FB9-41CA-AF03-D7B1089F2C0E}
[2011/10/09 13:11:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7F55DE89-7CC6-4992-8B41-408B0606BEC0}
[2011/10/09 13:11:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F418C1C2-7BA9-4AC3-8D01-1BD85328F381}
[2011/10/09 01:10:58 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{ABD6719C-65DB-4C5C-B62A-98A01A77E6CD}
[2011/10/09 01:10:47 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DCFB5B75-6D6F-4CF2-A53C-33354BF793E0}
[2011/10/08 13:10:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{829FAF79-7531-4D4B-B832-FB97CE9D8C6D}
[2011/10/08 13:10:12 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B8CB7C70-62F1-4351-B669-E2866713E998}
[2011/10/08 00:10:19 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3CBF74FF-D237-47BB-82A9-D569ECEB24FC}
[2011/10/08 00:10:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7382F967-1DB9-4E52-ACCE-C63D84876E55}
[2011/10/07 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{02C20013-9374-463B-9CA9-0B532B7EB2AD}
[2011/10/07 16:04:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{CC550F42-175F-4411-897E-39D36BC3C818}
[2011/10/06 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{BD640539-FEDE-4137-B4E1-2110ECE19C00}
[2011/10/06 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{192A1C9C-1E7E-4F4F-8B3D-FC457F9463C1}
[2011/10/04 19:44:22 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{53DE2956-A6D6-4A21-BFC6-FA07C28891F6}
[2011/10/04 19:44:10 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7B33065D-1ADD-4D94-8340-ECDD47650410}
[2011/10/03 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F65FE789-0E5A-488C-89AE-C7A7DEFCEE1B}
[2011/10/03 00:38:49 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{F3762E7C-418B-406F-A66F-AD8E51DEE781}
[2011/10/02 13:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2011/10/02 13:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\RegInOut
[2011/10/02 12:38:25 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{AD4134BE-DBF3-4AB8-A317-302921960FE2}
[2011/10/02 12:38:13 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D0F0262E-A341-495C-B282-66BDE0532E23}
[2011/09/28 23:24:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3E82E756-8355-4872-8F8F-84BC62C7201D}
[2011/09/28 23:24:13 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{69AE187D-6991-485B-80DD-3EDE90901EF6}
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/07/05 19:05:02 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/10/28 13:38:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.com
[2011/10/28 13:38:42 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-906128887-385575201-483590772-1000UA.job
[2011/10/28 13:38:27 | 000,002,039 | ---- | M] () -- C:\Users\Ben\Desktop\Google Chrome.lnk
[2011/10/28 13:38:27 | 000,002,001 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/28 13:30:02 | 135,954,037 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/10/28 13:23:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 13:23:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 13:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 13:23:04 | 3184,615,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 03:36:26 | 000,000,680 | ---- | M] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2011/10/24 23:07:17 | 000,149,465 | ---- | M] () -- C:\Users\Ben\Desktop\day_for_night_internship_opportunities.pdf
[2011/10/13 21:37:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-906128887-385575201-483590772-1000Core.job
[2011/10/12 21:48:43 | 000,082,944 | ---- | M] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/10 19:15:19 | 000,000,877 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/10 19:15:19 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/10 19:12:36 | 000,260,753 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/10/08 13:20:25 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/08 13:20:25 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/07 22:50:06 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/10/28 03:58:13 | 3184,615,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 23:07:20 | 000,149,465 | ---- | C] () -- C:\Users\Ben\Desktop\day_for_night_internship_opportunities.pdf
[2011/10/10 19:15:19 | 000,000,877 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/21 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/12/21 18:23:08 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/07 14:29:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/07 14:29:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/07 14:29:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/07/05 16:26:59 | 000,082,944 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 13:49:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/05 11:35:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/05 11:33:24 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/07/05 10:51:38 | 000,000,680 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2009/06/05 18:14:40 | 001,766,592 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/05 18:14:40 | 000,035,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,380,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/12/17 03:17:30 | 001,188,357 | ---- | M] () -- C:\Users\Ben\Desktop\UCL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/09/29 08:09:46 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/09/29 08:09:46 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/09/29 08:09:46 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/10/28 13:23:43 | 000,003,744 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 13:23:43 | 000,003,744 | -H-- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/07/11 14:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/03/05 22:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/05 13:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/05 15:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\ASUS
[2010/07/05 15:19:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATKGFNEX
[2010/12/04 22:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/07/05 13:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/07/11 17:10:41 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2011/10/28 03:56:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/10/28 03:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\CROSSRIDERWEBAPPS
[2011/10/28 03:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/09/09 21:21:12 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2010/11/22 22:07:05 | 000,000,000 | ---D | M] -- C:\Program Files\ImageShack Uploader
[2010/07/05 15:56:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/05 11:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/08/10 14:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/05 13:40:33 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/05 13:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010/07/05 13:40:56 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/03 20:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/05/29 13:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/28 03:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\ManyCam
[2010/07/06 18:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/07/05 12:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/28 03:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/07/05 12:49:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/07/05 12:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/07/06 18:20:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/05 12:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/03/06 12:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/10/10 19:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/05 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/12/11 17:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/07/05 13:39:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/02 13:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\RegInOut
[2010/12/12 13:16:17 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2011/10/08 00:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Spotify
[2011/10/28 13:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2011/10/28 03:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/05 14:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2011/10/07 22:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\vghd
[2010/07/05 14:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011/03/06 12:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/03/06 12:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/03/06 12:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/03/06 12:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/10 12:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/05/11 20:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/03/06 12:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/03/06 12:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2011/05/11 20:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/03/06 12:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2009/02/11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-08 10:13:01

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/11 19:43:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/11 19:43:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 08:09:49 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)



Re: Crossrider.exe

Post by Ben2289 on Fri Oct 28, 2011 10:15 am

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 16:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/11 19:43:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/11 19:43:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/11 19:43:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


Re: Crossrider.exe

Post by Ben2289 on Fri Oct 28, 2011 10:16 am

OTL Extras logfile created on: 28/10/2011 13:39:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.85% Memory free
6.13 Gb Paging File | 4.54 Gb Available in Paging File | 74.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 95.53 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 186.30 Gb Total Space | 181.18 Gb Free Space | 97.25% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2493422F-FAB8-4DF7-8C05-32489569CDD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{315A63AC-DAD5-4B8B-A045-910864A111C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{56D9A6FA-FBA8-46D7-AE4A-C0A3078BCAEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0CC375A-BF17-4427-9AF6-2F87F70F075A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D78E2D51-681D-4A9B-97C5-1CA7D894ADF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0993A8C2-0838-4CE1-9F24-2581C9CA281A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0CF0FEDC-8BB4-4A4C-93B4-4023029DEEFD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the last crusade\indiana jones and the last crusade.exe |
"{12800C0D-636B-496E-923D-63E5ECCC675F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1C84CB7D-D831-4C37-8AC7-AB4DD0E9B107}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the last crusade\indiana jones and the last crusade.exe |
"{2B2850D0-3BE2-4CEF-8BCA-022F4E6320AE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\loom\loom.exe |
"{2CCED660-2BBB-423C-ADCF-673C4758D294}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2DBD508D-3ABD-4EC2-BA4E-2CD95B5411C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{34AC3D01-28E4-4BFA-96B5-EA1602438AE7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{35F254AD-8E0E-44E9-9783-3E07E13D5CBD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{409ECC8A-64F6-4A3B-81FB-B6E5AC61C81D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5931B0BD-4547-4092-BC15-FFE0D7C8C70E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{59765013-0011-46F2-97C5-97402C8DFC50}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5A6F08C4-92D9-4B48-BBFA-6E11222EC3C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69AE1171-C855-4CBD-959B-606AA4ECB473}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{6A54E10F-D2FF-4418-B819-BC30A65DE1AC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CBCCF14-B0C1-45A2-BEAA-440ADB9DDA7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{71B129C3-6F93-4797-84A1-C3CBE3677364}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{883C61D7-43F0-4226-9FBE-7DA522327CAC}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8C831E52-5BB3-4F26-A946-FCEC48D0DEE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8D7F96CF-CF56-41E5-A00B-30FACBC7B2B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{94A7D4AE-8D0B-406B-B846-51383AE461C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{9648F86E-D18E-402B-BA86-3E6229E257A6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9FF96DDB-D4AF-4EC4-9623-FC50F3E3A20D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A74EC3E5-9E27-4948-9709-FE5B796948F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe |
"{A755E1D8-38C7-4C39-9985-906CA9A0D940}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B096C9C0-60B9-4D76-970B-4735BB5597B6}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B94F075A-866D-4706-8171-F08FE7FB172E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C439208B-80B1-44F1-89E5-713B34A4EEB5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the dig\the dig.exe |
"{D2EF5273-13A4-4DE7-BB6F-916235650F4F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D3CD7E10-8FD0-4012-BAD6-929B4555B7E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\loom\loom.exe |
"{D619CC7C-DC09-4B3E-BD39-856E7DE3FEEB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\indiana jones and the fate of atlantis\indiana jones and the fate of atlantis.exe |
"{E88B1946-27F7-405C-AFE9-7D41309F05CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the dig\the dig.exe |
"{F3D7944B-94F4-46B9-B2D4-848354B3DCFF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{462D3D62-DBFF-452C-A633-2F02246BBF5A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{AA66A636-BF7D-4C2D-BAE9-E1B9588CA714}C:\users\ben\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ben\appdata\roaming\spotify\spotify.exe |
"UDP Query User{10C5B06C-FA49-4D1E-9507-998ACB91EBFD}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{C2C5E005-CE25-4268-9068-032CE70826D9}C:\users\ben\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ben\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"Comical_is1" = Comical 0.8
"Crossrider" = Crossrider Web Apps
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.4.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.55 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"PopCap Browser Plugin" = PopCap Browser Plugin
"Spotify" = Spotify
"Steam App 32310" = Indiana Jones and the Last Crusade
"Steam App 32340" = Loom
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 400" = Portal
"Steam App 6010" = Indiana Jones and the Fate of Atlantis
"Steam App 6040" = The Dig
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TVWiz" = Intel(R) TV Wizard
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"uTorrent" = µTorrent
"vghd" = VirtuaGuy HD
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/10/2011 14:36:50 | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 538593

Error - 27/10/2011 14:36:50 | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 538593

Error - 27/10/2011 14:36:51 | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/10/2011 14:36:51 | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 540590

Error - 27/10/2011 14:36:51 | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 540590

Error - 27/10/2011 18:40:37 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/10/2011 18:49:35 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/10/2011 19:00:14 | Computer Name = Ben-PC | Source = EventSystem | ID = 4609
Description =

Error - 27/10/2011 19:00:45 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/10/2011 19:04:43 | Computer Name = Ben-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 14.0.835.202, time stamp
0x4e84cf5b, faulting module chrome.dll, version 14.0.835.202, time stamp 0x4e84cf05,
exception code 0x80000003, fault offset 0x0021d3b3, process id 0x3f8, application
start time 0x01cc94fccf537841.

[ System Events ]
Error - 27/10/2011 20:18:41 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27/10/2011 20:18:41 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 27/10/2011 20:18:41 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 27/10/2011 20:18:41 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 27/10/2011 20:18:41 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 27/10/2011 20:20:55 | Computer Name = Ben-PC | Source = DCOM | ID = 10005
Description =

Error - 27/10/2011 20:34:06 | Computer Name = Ben-PC | Source = DCOM | ID = 10005
Description =

Error - 27/10/2011 22:01:40 | Computer Name = Ben-PC | Source = DCOM | ID = 10005
Description =

Error - 27/10/2011 23:03:27 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 27/10/2011 23:13:31 | Computer Name = Ben-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:05:01 on 28/10/2011 was unexpected.


< End of report >


Re: Crossrider.exe

Post by Ben2289 on Fri Oct 28, 2011 10:17 am

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 14:14:18
-----------------------------
14:14:18.538 OS Version: Windows 6.0.6002 Service Pack 2
14:14:18.538 Number of processors: 2 586 0x170A
14:14:18.538 ComputerName: BEN-PC UserName: Ben
14:14:43.280 Initialize success
14:15:01.266 AVAST engine defs: 11102800
14:15:06.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:15:06.570 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
14:15:06.586 Disk 0 MBR read successfully
14:15:06.586 Disk 0 MBR scan
14:15:06.602 Disk 0 Windows VISTA default MBR code
14:15:06.617 Disk 0 scanning sectors +976771072
14:15:06.742 Disk 0 scanning C:\Windows\system32\drivers
14:15:20.111 Service scanning
14:15:21.359 Modules scanning
14:15:25.072 Disk 0 trace - called modules:
14:15:25.088 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
14:15:25.103 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bfe030]
14:15:25.103 3 CLASSPNP.SYS[8a3a38b3] -> nt!IofCallDriver -> [0x8474a518]
14:15:25.103 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85180028]
14:15:28.863 AVAST engine scan C:\Windows
14:15:31.437 AVAST engine scan C:\Windows\system32
14:17:58.982 AVAST engine scan C:\Windows\system32\drivers
14:18:25.236 AVAST engine scan C:\Users\Ben
14:46:10.146 AVAST engine scan C:\ProgramData
14:48:15.555 Scan finished successfully
14:48:54.446 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
14:48:54.446 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````


Re: Crossrider.exe

Post by Ben2289 on Sun Oct 30, 2011 11:39 am

Bump. Much appreciated.


Re: Crossrider.exe

Post by Belahzur on Sun Oct 30, 2011 9:29 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

Re: Crossrider.exe

Post by Ben2289 on Mon Oct 31, 2011 6:48 am

Hi. Thank you very much for your reply. I followed your instructions. After running the application a log popped up but I wasn't able to launch any programs. Each time I tried I received an error message that they contained a hkey marked for deletion. I tried Chrome, Adobe Reader, Word, all the same response. I've since restarted and seem to be okay. Here's the log:


ComboFix 11-10-30.03 - Ben 31/10/2011 10:27:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3036.1920 [GMT 0:00]
Running from: c:\users\Ben\Desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 10:34 . 2011-10-31 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 12:28 . 2011-10-02 12:28 -------- d-----w- c:\programdata\RegInOut
2011-10-02 12:28 . 2011-10-02 12:28 -------- d-----w- c:\program files\RegInOut
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 21:50 . 2011-07-20 01:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 11:43 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-29 07:09 . 2011-05-10 10:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\preload\Patch\AsProcOb.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906128887-385575201-483590772-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 11:07]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-906128887-385575201-483590772-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 11:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\bd3ckc2r.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-vghd - c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtuaGuy HD\uninstall.lnk
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-10-31 10:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-906128887-385575201-483590772-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,6d,06,8e,5d,ce,73,51,a8,1b,e1,d9,5d,79,fa,03,d6,4e,a2,53,61,
5f,45,f6,6e,19,17,45,b5,a9,d2,58,3b,82,bd,16,c9,91,34,28,7a,f0,5b,8a,02,23,\
"rkeysecu"=hex:12,23,f4,26,8f,86,77,d5,1b,5d,c8,9f,c5,85,20,69
.
Completion time: 2011-10-31 10:37:28
ComboFix-quarantined-files.txt 2011-10-31 10:37
.
Pre-Run: 118,145,867,776 bytes free
Post-Run: 118,970,204,160 bytes free
.
- - End Of File - - 88B4E7DE2176CF08C0FD5895E67873F6


Re: Crossrider.exe

Post by Belahzur on Wed Nov 02, 2011 9:48 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Re: Crossrider.exe

Post by Ben2289 on Thu Nov 03, 2011 12:28 pm

Thanks. Didn't pick up any threats at all, but even as I opened IE I was asked if I wanted to run Crossrider.exe, which I refused:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: Crossrider.exe

Post by Belahzur on Fri Nov 04, 2011 11:47 am

Hello.
A few of your programs need updating, so please do as follows.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.4.6
    Java(TM) 6 Update 26

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Your Skype also needs updating, so please download the latest version from [You must be registered and logged in to see this link.]


How is the machine running now?



Re: Crossrider.exe

Post by Ben2289 on Fri Nov 04, 2011 3:04 pm

Thanks for your help, I'm grateful. Anti-virus isn't flagging anything any more and there are no more freezes, but there's still some sort of issue with shutting down and restarting my computer. Each time it launches there's a message that it's configuring updates, even when I've not selected any Windows updates. Perhaps I ought to just keep hibernating it rather than shutting it down. In terms of general use everything seems functional, but I am suspicious.


Re: Crossrider.exe

Post by Belahzur on Tue Nov 08, 2011 7:45 pm

Yeah, understandable.

Monitor it for a few days, see if anything happens and report back.

