Virus problems..

View previous topic View next topic Go down

Virus problems..

Post by markhtar on Mon 21 Nov 2011, 2:31 pm

Hello, My younger seems to have wrecked his laptop...he decided to download a program to watch some streaming sports. Anyway i told him to download and run the suggested programs but he keeps getting the following message, so i cannot post any logs.

Error message:
the application was unable to start correctly (0xc0000142) click ok to close the application.

I have not got him to try running these programs in safe mode. Can you advise what i should do??

Thanks,


markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by Gabethebabe on Tue 22 Nov 2011, 10:07 am

Hi there markhtar!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

You are not able to run any programs at all? Hmm. try this one:

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.com.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Tue 22 Nov 2011, 1:47 pm

Hello, I still cannot run this program - still getting the above mentioned issues. The only browser i can open is IE - and when i try to run after saving to my desktop all i get is the same error message.

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by Gabethebabe on Wed 23 Nov 2011, 12:42 am

So I did a bit of Google searching. There is no better way to get insight in some error message. Just Google the exact error message.

It appears this error occurs on Windows 7 only, so I assume you run that.
On one website they suggested a system restore to a point BEFORE the problems began. Could you try that?

CLICK

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:11 pm

Ok, so i did the system restore to the 11/11/2011 and it says it didnt work BUT the OTL and other programs seem to now work - so here are the logs..

OTL logfile created on: 25/11/2011 18:41:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.45% Memory free
7.92 Gb Paging File | 6.38 Gb Available in Paging File | 80.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 376.17 Gb Free Space | 83.40% Space Free | Partition Type: NTFS
Drive D: | 2.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 17:54:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.com
PRC - [2011/06/28 13:23:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/05 09:07:46 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/10 14:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 14:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 20:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/26 07:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/17 14:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 07:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/28 13:23:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/05 09:07:46 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/10 14:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 14:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/10/26 19:52:28 | 003,652,696 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/10/26 19:52:26 | 000,380,784 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 20:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 00:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/05 01:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/28 13:23:38 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 13:23:38 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/10/26 19:52:44 | 000,032,728 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/01 08:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/12 18:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/15 18:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/26 07:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/07 04:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/17 14:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 14:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/15 19:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 23:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 21:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/03 12:57:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116obex.sys -- (s116obex)
DRV:64bit: - [2007/04/03 12:57:38 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/03 12:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)
DRV:64bit: - [2007/04/03 12:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)
DRV:64bit: - [2007/04/03 12:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV:64bit: - [2007/01/18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/10/26 19:52:50 | 000,054,896 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2010/10/26 19:52:44 | 000,054,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2010/10/26 19:52:44 | 000,037,872 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 14:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 14:17:07 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.4_0\
CHR - Extension: DivX HiQ = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Default = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/03/05 11:39:23 | 000,430,706 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14824 more lines...
O2:64bit: - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:12 pm

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 18:41:56 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
[2011/11/25 17:54:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.com
[2011/11/25 17:54:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL_com
[2011/11/21 14:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/15 16:45:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Dell Edoc Viewer
[2011/11/13 03:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/11/13 03:12:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\PackageAware
[2011/11/13 02:33:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D3CB7725-F589-4D9A-B66C-E1CC76E8B4FC}
[2011/11/11 08:46:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EE411F6A-372F-45A8-A67C-F05DCE22F708}
[2011/11/10 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{720CAC28-7614-4B2D-A618-806A33E5E657}
[2011/11/09 22:00:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{08A29868-8EDA-4531-9B4E-776013B4A488}
[2011/11/09 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{86008BE1-9981-4B7D-A9BD-1329E1F86746}
[2011/11/08 18:05:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Zarinasfiles
[2011/11/08 13:36:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1863849E-D641-4B5C-8B9E-5F88EBCAB2C1}
[2011/11/08 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F5EF1351-5E6A-4ADD-8013-8F5657B7E807}
[2011/11/07 21:58:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F4C7F6B0-E5DB-418F-8B2B-F8A72D95722D}
[2011/11/07 09:57:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1F6BCD8D-C95C-4775-921F-1012D46088EC}
[2011/11/06 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{9D1490A8-6F66-4923-9134-D43D500F791B}
[2011/11/06 10:05:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{670B1E3C-8E74-4548-B3E6-8E361951C2F6}
[2011/11/05 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6CBBE21F-2969-458E-B11A-ACBC003D108C}
[2011/11/05 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A89338CE-0E4F-4DFF-8E40-9E2E9127DDBB}
[2011/11/05 09:35:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B60CB4CB-24FE-4160-9215-49C07E794FFA}
[2011/11/05 09:34:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D5F5DA45-18F9-414A-93C6-0CE6AB74DA8E}
[2011/11/04 09:22:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{14ABB886-671C-4C2E-9F9A-80BD4265526B}
[2011/11/04 09:22:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1F4188E3-A97A-4428-BBAB-F36A33E8F477}
[2011/11/01 23:59:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6B24AD4B-96DA-41F2-AAA8-425039E49841}
[2011/11/01 10:39:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AEE12CDA-A44D-47D9-9832-6E370C7D1ACE}
[2011/10/31 21:49:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5166740E-D697-44B7-BFD1-4B51105F688E}
[2011/10/31 09:48:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{78D446A9-0BA0-4E48-AB61-A056B736B5B3}
[2011/10/31 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{9E2272CF-02EE-40CD-8158-DE007F5B5040}
[2011/10/30 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BC906E87-26FD-448A-BB29-38CB38581957}
[2011/10/30 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ABDED090-EFD3-4791-8C9C-7FFF2C3618BC}
[2011/10/29 13:52:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7BFEC396-7B3F-4C45-B4DE-E5AA37B5DA45}
[2011/10/28 10:32:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{9E6521C7-7336-4D0D-8B40-5B9DE5E49DC1}
[2011/10/28 10:29:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{46A1082B-FB1B-45BF-AE7A-AB6234440FB3}
[2011/10/27 17:43:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F32A8E6C-1C79-481F-A0D3-1CA17FE8688F}
[2011/10/26 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B730C9F4-FCBC-4172-904D-6C813F74116C}
[2011/10/26 22:27:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A8C7C607-3ADF-4746-AEF5-B7841BFCC92F}
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 18:42:27 | 000,879,652 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2011/11/25 18:42:01 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
[2011/11/25 18:38:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 18:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 18:26:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113245019-1489344805-532924983-1001UA.job
[2011/11/25 18:20:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 18:20:58 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 18:17:54 | 000,727,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/25 18:17:54 | 000,629,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/25 18:17:54 | 000,111,212 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/25 18:13:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 18:12:30 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 18:03:47 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/25 17:54:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.com
[2011/11/25 17:54:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL_com
[2011/11/25 15:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113245019-1489344805-532924983-1001Core.job
[2011/11/22 19:29:43 | 000,000,000 | ---- | M] () -- C:\Users\Home\Desktop\jam.exe
[2011/11/22 18:37:45 | 423,334,795 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/21 20:01:06 | 000,000,000 | ---- | M] () -- C:\Users\Home\Desktop\mail.htm.06mxm32.partial
[2011/11/21 14:32:58 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/13 14:40:47 | 000,001,411 | ---- | M] () -- C:\Users\Home\Desktop\Internet Explorer (64-bit).lnk
[2011/11/13 03:20:29 | 000,456,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/13 03:07:04 | 000,000,993 | ---- | M] () -- C:\Users\Home\Desktop\SopCast.lnk
[2011/11/04 09:20:32 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 18:42:27 | 000,879,652 | ---- | C] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2011/11/22 19:29:43 | 000,000,000 | ---- | C] () -- C:\Users\Home\Desktop\jam.exe
[2011/11/21 20:01:06 | 000,000,000 | ---- | C] () -- C:\Users\Home\Desktop\mail.htm.06mxm32.partial
[2011/11/21 14:32:58 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/13 14:40:47 | 000,001,411 | ---- | C] () -- C:\Users\Home\Desktop\Internet Explorer (64-bit).lnk
[2011/09/14 07:10:40 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{5B6A5492-41C1-43E4-BE45-D62C8B00031A}
[2011/08/15 10:45:10 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{D19204E6-6E69-4BC7-A68B-0DE1D8FFE800}
[2011/04/06 21:58:39 | 000,003,584 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 19:55:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 13:05:41 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 18:18:50 | 000,054,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2011/01/28 18:18:49 | 000,054,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2010/11/16 06:20:23 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/09/25 22:54:40 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/09/25 22:54:40 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/09/25 22:54:40 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/09/25 22:54:39 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/11/25 18:42:01 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe
[2011/11/22 19:29:43 | 000,000,000 | ---- | M] () -- C:\Users\Home\Desktop\jam.exe
[2011/11/25 18:42:27 | 000,879,652 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[7 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/11/16 06:23:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Absolute Software
[2011/01/28 20:04:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/05/29 18:39:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe PhotoShop CS3
[2011/03/05 13:47:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/02/06 19:41:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2011/03/05 13:47:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/11/16 06:06:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/06/18 18:02:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/11/16 06:20:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/11/16 06:18:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2010/11/16 06:28:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2011/09/21 13:20:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010/11/16 06:20:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2011/05/11 18:27:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/11/21 14:32:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/02/17 21:34:46 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/11/16 06:06:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/10/14 12:28:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/03/05 13:48:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/02/20 20:57:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/09/04 18:57:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/07/23 23:38:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/15 18:36:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/15 13:14:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/07/12 14:38:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/10/14 12:28:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/11/16 06:17:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/07/12 14:38:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/07/12 14:35:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/08/17 06:00:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/07/12 14:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/07/12 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/03/31 07:47:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/24 08:56:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Online Armor
[2011/02/06 17:17:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Tools Firewall Plus
[2011/03/05 13:47:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/03/29 20:52:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
[2011/03/29 20:44:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2011/01/28 18:32:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Secunia
[2010/11/16 06:18:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/11/25 18:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SopCast
[2011/03/14 17:53:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoulseekNS
[2011/03/03 21:47:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sports Interactive
[2011/03/06 10:38:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spotify
[2011/02/23 18:58:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/05/28 16:07:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpywareBlaster
[2009/07/14 04:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/11/16 06:07:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/11/25 18:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011/08/15 18:52:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/01/28 19:51:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/01/28 19:51:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 05:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/03/03 21:51:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry


< MD5 for: AGP440.SYS >
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 01:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/14 01:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 01:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EXPLORER.EXE >
[2010/11/16 07:44:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/16 07:45:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/16 07:44:44 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/11/16 07:44:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/16 07:45:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/16 07:44:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/16 07:45:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/16 07:44:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/16 07:45:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/11/16 07:44:44 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/16 07:44:52 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/11/16 07:44:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/06/04 23:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R228436\f6flpy64\IaStor.sys
[2009/06/05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 23:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/05 00:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 23:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys
[2009/06/05 00:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 01:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 13:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 12:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 01:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 01:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 06:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 06:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 06:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 06:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 13:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 13:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/16 07:45:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/16 07:45:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/16 07:45:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/06 19:52:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/06 19:52:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/06 19:52:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/06 19:52:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/04/06 19:52:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/06 19:52:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/06 19:52:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/06 19:52:31 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/06 19:52:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/06 19:52:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:13 pm

OTL Extras logfile created on: 25/11/2011 18:41:11 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.45% Memory free
7.92 Gb Paging File | 6.38 Gb Available in Paging File | 80.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 376.17 Gb Free Space | 83.40% Space Free | Partition Type: NTFS
Drive D: | 2.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Football Manager 2011" = Football Manager 2011
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnlineArmor_is1" = Online Armor 4.5
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"SopCast" = SopCast 3.2.4
"Soulseek2" = SoulSeek 157 NS 13e
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"VueScan" = VueScan
"WildTangent dell Master Uninstall" = WildTangent Games
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/07/2011 13:01:28 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:28:9640)(7128) libKernelMode.ServiceManager -
Error -- 543 Error 0x57 starting service 0: (Error#:87) : The parameter is incorrect.


Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:0890)(7128) libKernelMode.ServiceManager -
Error -- 80 Aborting service creation; Unrecoverable error 0x5: (Error#:5) : Access
is denied.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:1040)(7128) libKernelMode.ServiceHandle -
Error -- 152 The service has not yet been opened.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:1040)(7128) libKernelMode.ServiceManager -
Error -- 543 Error 0x57 starting service 0: (Error#:87) : The parameter is incorrect.


Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:2760)(7128) libKernelMode.ServiceManager -
Error -- 80 Aborting service creation; Unrecoverable error 0x5: (Error#:5) : Access
is denied.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:3070)(7128) libKernelMode.ServiceHandle -
Error -- 152 The service has not yet been opened.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:3230)(7128) libKernelMode.ServiceManager -
Error -- 543 Error 0x57 starting service 0: (Error#:87) : The parameter is incorrect.


Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:4470)(7128) libKernelMode.ServiceManager -
Error -- 80 Aborting service creation; Unrecoverable error 0x5: (Error#:5) : Access
is denied.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:4470)(7128) libKernelMode.ServiceHandle -
Error -- 152 The service has not yet been opened.

Error - 05/07/2011 13:01:29 | Computer Name = Home-PC | Source = PC-Doctor | ID = 1
Description = (7128) Asapi: (18:01:29:4470)(7128) libKernelMode.ServiceManager -
Error -- 543 Error 0x57 starting service 0: (Error#:87) : The parameter is incorrect.


[ Dell Events ]
Error - 19/07/2011 14:34:08 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 19/07/2011 14:34:40 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 19/07/2011 14:34:40 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 28/07/2011 14:34:51 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 28/07/2011 14:34:51 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 25/08/2011 07:52:28 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 25/08/2011 07:52:28 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 01/09/2011 09:45:27 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 01/09/2011 09:45:27 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 21/09/2011 09:20:52 | Computer Name = Home-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 25/11/2011 13:35:16 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5

Error - 25/11/2011 13:35:17 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5

Error - 25/11/2011 13:35:17 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5

Error - 25/11/2011 13:35:17 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5

Error - 25/11/2011 13:35:17 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for ImagePath with the following
error: %%5

Error - 25/11/2011 13:44:56 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =

Error - 25/11/2011 13:45:36 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =

Error - 25/11/2011 14:04:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 9 service to connect.

Error - 25/11/2011 14:13:39 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 9 service to connect.

Error - 25/11/2011 14:28:08 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =


< End of report >

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:15 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-25 19:03:17
-----------------------------
19:03:17.789 OS Version: Windows x64 6.1.7600
19:03:17.789 Number of processors: 2 586 0x170A
19:03:17.789 ComputerName: HOME-PC UserName: Home
19:03:19.645 Initialize success
19:03:52.159 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:03:52.159 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:03:52.206 Disk 0 MBR read successfully
19:03:52.206 Disk 0 MBR scan
19:03:52.222 Disk 0 Windows VISTA default MBR code
19:03:52.222 Service scanning
19:03:54.016 Modules scanning
19:03:54.016 Disk 0 trace - called modules:
19:03:54.078 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:03:54.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044b3360]
19:03:54.078 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040e8050]
19:03:54.094 Scan finished successfully
19:04:27.665 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
19:04:27.665 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"



markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:16 pm

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Online Armor 4.5
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java version out of date!
Adobe Flash Player ( 10.3.181.26) Flash Player out of Date!
Adobe Reader 9 (Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Avira Antivir avguard.exe
Tall Emu Online Armor OAcat.exe
``````````End of Log````````````

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Fri 25 Nov 2011, 1:37 pm

So i rebooted the laptop and now all the programs cant run again...well at least i have got the logs from the programs for you to have a look at.

thanks,

Umar

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by Gabethebabe on Mon 28 Nov 2011, 12:50 am

You should proceed to uninstall the following:
"Windows Searchqu Toolbar" = Windows iLivid Toolbar

This is an undesirable toolbar.

After doing that, make sure that the program directory is also deleted:
C:\Program Files (x86)\Windows iLivid Toolbar

Restart your computer after uninstalling this and let me know if it runs better now.

====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Mon 28 Nov 2011, 1:35 pm

Malwarebytes' Anti-Malware 1.51.2.1300
[You must be registered and logged in to see this link.]

Database version: 8259

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

28/11/2011 19:22:57
mbam-log-2011-11-28 (19-22-57).txt

Scan type: Quick scan
Objects scanned: 179410
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by markhtar on Mon 28 Nov 2011, 1:36 pm

Please find attached the malware log...the laptop seems to run better and worked from the off when i rebooted it..anything else i need to do??

markhtar

Newbie Surfer
Newbie Surfer

Posts : 42
Joined : 2009-09-28
Operating System : windows XP

View user profile

Back to top Go down

Re: Virus problems..

Post by Gabethebabe on Tue 29 Nov 2011, 4:09 am

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10. The last and most safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?


Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: Virus problems..

Post by Sponsored content Today at 9:58 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum