please help cannot get rid of adware and trojans

  1. #1
    yellow4 is offline Junior Member

    please help cannot get rid of adware and trojans

    Hi
    Please could you help me get rid of adware and trojans on my computer. I have scanned my computer with super antispyware free edition several times and cannot seem to get rid of the adware and trojans.
    Thanks

  2. #2
    broni is offline Senior Member
    STEP 1. Download Malwarebytes' Anti-Malware to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER (Rootkit Detector and Remover) by clicking on the Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15281 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    yellow4 is offline Junior Member
    Hi
    Thanks for your email. Below is the log for Step 1. I am having problems with GMER running on the computer. I have tried it in safe mode. The computer shuts itself down before the scan has finished.
    Thanks


    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4232

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16757

    24/06/2010 10:57:07
    mbam-log-2010-06-24 (10-57-07).txt

    Scan type: Quick scan
    Objects scanned: 138168
    Time elapsed: 20 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dd140a75-b643-4124-97c5-82ba9de5ee99} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekeen (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Seekeen (Adware.Zwangi) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\thubvci (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\Seekeen (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Tom\Local Settings\Application Data\thubvci_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Tom\Local Settings\Application Data\thubvci_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Tom\Local Settings\Application Data\thubvci.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Tom\Local Settings\Application Data\thubvci.exe (Adware.Navipromo.H) -> Delete on reboot.
    c:\Users\Tom\AppData\Local\thubvci.exe (Trojan.Agent.H) -> Delete on reboot.
    C:\Users\Tom\AppData\Local\Temp\ProtectorHook32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\Tom\Local Settings\Application Data\nudck_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

  4. #4
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    yellow4 is offline Junior Member
    Hi
    Thanks for your email, below is my log for combofix.

    ComboFix 10-06-25.02 - Tom 26/06/2010 10:04:21.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.1169 [GMT 1:00]
    Running from: c:\users\Tom\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100625-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: avast! antivirus 4.8.1368 [VPS 100625-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Tom\AppData\Roaming\Desktopicon
    c:\users\Tom\AppData\Roaming\Desktopicon\config.ini
    c:\users\Tom\AppData\Roaming\Desktopicon\eBayShortcuts.exe
    c:\users\Tom\AppData\Roaming\inst.exe
    c:\windows\system\PRISMA02.sys
    c:\windows\system32\Data
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
    .

    2010-06-26 09:18 . 2010-06-26 09:18 -------- d-----w- c:\users\Tom\AppData\Local\temp
    2010-06-26 09:18 . 2010-06-26 09:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-26 08:58 . 2010-06-26 08:59 -------- d-----w- C:\32788R22FWJFW
    2010-06-26 08:44 . 2010-06-26 08:44 -------- d-----w- C:\sasuninst.files
    2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes
    2010-06-24 09:31 . 2010-06-24 09:31 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-23 17:12 . 2010-06-23 17:12 -------- d-----w- c:\program files\WOT
    2010-06-23 12:45 . 2010-06-23 12:45 63488 ----a-w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-23 12:45 . 2010-06-23 12:45 52224 ----a-w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-23 12:45 . 2010-06-23 12:45 117760 ----a-w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-23 12:44 . 2010-06-23 12:44 -------- d-----w- c:\users\Tom\AppData\Roaming\SUPERAntiSpyware.com
    2010-06-23 09:29 . 2010-06-23 09:29 -------- d-----w- c:\users\Tom\AppData\Local\Thunderbird
    2010-06-23 09:29 . 2010-06-23 09:29 -------- d-----w- c:\users\Tom\AppData\Roaming\Thunderbird
    2010-06-23 07:57 . 2010-06-23 07:57 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4A2.tmp.exe
    2010-06-09 07:37 . 2010-06-18 14:13 -------- d-----w- c:\users\Tom\AppData\Roaming\eBookPro6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-24 20:36 . 2009-03-28 09:41 -------- d-----w- c:\program files\DivX
    2010-06-24 20:33 . 2009-05-05 13:03 -------- d-----w- c:\program files\7-Zip
    2010-06-24 09:26 . 2009-06-19 19:26 88 ----a-w- c:\users\Tom\AppData\Local\kmsoaga.bat
    2010-06-23 12:37 . 2009-03-31 20:01 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-23 09:20 . 2009-02-27 15:57 -------- d-----w- c:\program files\AskTBar
    2010-06-18 12:53 . 2009-02-27 15:20 -------- d-----w- c:\program files\Common Files\Nero
    2010-06-18 12:27 . 2008-11-11 16:07 -------- d-----w- c:\programdata\Nero
    2010-06-18 11:56 . 2008-11-11 16:07 -------- d-----w- c:\program files\Nero
    2010-06-18 11:27 . 2009-06-17 23:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-18 11:27 . 2009-01-12 16:45 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-18 11:23 . 2009-04-05 16:28 -------- d-----w- c:\users\Tom\AppData\Roaming\Vso
    2010-06-18 11:23 . 2009-04-05 16:28 47360 ----a-w- c:\users\Tom\AppData\Roaming\pcouffin.sys
    2010-06-18 11:23 . 2009-04-05 16:28 47360 ----a-w- c:\users\Tom\AppData\Roaming\pcouffin.sys
    2010-06-18 11:23 . 2009-02-10 11:28 -------- d-----w- c:\program files\mozilla.org
    2010-06-18 11:16 . 2007-12-27 19:35 -------- d-----w- c:\program files\Common Files\Real
    2010-06-18 11:13 . 2009-06-17 12:00 -------- d-----w- c:\program files\The KMPlayer
    2010-06-18 11:07 . 2009-12-22 14:57 -------- d-----w- c:\program files\Veoh Networks
    2010-06-18 11:06 . 2007-10-27 07:43 -------- d-----w- c:\program files\Yahoo!
    2010-06-17 11:27 . 2010-03-04 12:05 439816 ----a-w- c:\users\Tom\AppData\Roaming\Real\Update\setup3.10\setup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-12-04 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-12-21 2640120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-15 1006264]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-10 90192]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-10 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-10 81920]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
    "Skytel"="Skytel.exe" [2007-10-11 1826816]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-3-21 106551]
    AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-11-11 618496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\Drivers\hcw99bda.sys [2007-02-05 131072]
    R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\Drivers\hcw99rc.sys [2007-02-05 10368]
    S1 aswSP;avast! Self Protection; [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
    S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:28]

    2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:28]

    2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{DFBD47C7-7712-42B5-BBF4-62A7592889EF}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://virginmedia.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-thubvci - c:\users\tom\appdata\local\thubvci.exe
    HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
    HKLM-Run-UDC Integration - (no file)
    HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-06-26 10:18
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-06-26 10:24:47
    ComboFix-quarantined-files.txt 2010-06-26 09:24

    Pre-Run: 45,876,555,776 bytes free
    Post-Run: 52,792,180,736 bytes free

    - - End Of File - - 0FB1121A003C53DB7D2D8BA2C6360197

  6. #6
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Tom\AppData\Local\kmsoaga.bat

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

  7. #7
    yellow4 is offline Junior Member
    Hi
    Thanks for your reply, my log is posted below

    ComboFix 10-06-26.03 - Tom 27/06/2010 16:15:06.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2047.1088 [GMT 1:00]
    Running from: c:\users\Tom\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tom\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100627-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: avast! antivirus 4.8.1368 [VPS 100627-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Tom\AppData\Local\kmsoaga.bat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Tom\AppData\Local\kmsoaga.bat

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
    .

    2010-06-27 15:25 . 2010-06-27 15:25 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-06-27 15:25 . 2010-06-27 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-27 15:12 . 2010-06-27 15:12 -------- d-----w- C:\32788R22FWJFW
    2010-06-26 18:28 . 2010-06-26 18:28 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-06-26 18:28 . 2010-06-26 18:28 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-06-26 18:28 . 2010-06-26 18:28 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-06-26 18:28 . 2010-06-26 18:28 289792 ----a-w- c:\windows\system32\atmfd.dll
    2010-06-26 18:28 . 2010-06-26 18:28 24064 ----a-w- c:\windows\system32\lpk.dll
    2010-06-26 18:28 . 2010-06-26 18:28 10240 ----a-w- c:\windows\system32\dciman32.dll
    2010-06-26 18:25 . 2010-06-26 18:25 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 18:25 . 2010-06-26 18:25 56320 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 18:20 . 2010-06-26 18:20 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-26 18:20 . 2010-06-26 18:20 306688 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-26 18:19 . 2010-06-26 18:19 15360 ----a-w- c:\windows\system32\netevent.dll
    2010-06-26 18:19 . 2010-06-26 18:19 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 19968 ----a-w- c:\windows\system32\ARP.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2010-06-26 18:19 . 2010-06-26 18:19 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2010-06-26 18:19 . 2010-06-26 18:19 10240 ----a-w- c:\windows\system32\finger.exe
    2010-06-26 18:18 . 2010-06-26 18:18 123904 ----a-w- c:\windows\system32\L2SecHC.dll
    2010-06-26 18:18 . 2010-06-26 18:18 67584 ----a-w- c:\windows\system32\wlanhlp.dll
    2010-06-26 18:18 . 2010-06-26 18:18 47104 ----a-w- c:\windows\system32\wlanapi.dll
    2010-06-26 18:18 . 2010-06-26 18:18 290816 ----a-w- c:\windows\system32\wlanmsm.dll
    2010-06-26 18:18 . 2010-06-26 18:18 502272 ----a-w- c:\windows\system32\wlansvc.dll
    2010-06-26 18:18 . 2010-06-26 18:18 297984 ----a-w- c:\windows\system32\wlansec.dll
    2010-06-26 18:17 . 2010-06-26 18:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2010-06-26 18:17 . 2010-06-26 18:17 1260032 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-26 18:17 . 2010-06-26 18:17 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2010-06-26 18:17 . 2010-06-26 18:17 1406464 ----a-w- c:\windows\system32\msxml6.dll
    2010-06-26 18:16 . 2010-06-26 18:16 7680 ----a-w- c:\windows\system32\lsass.exe
    2010-06-26 18:16 . 2010-06-26 18:16 72704 ----a-w- c:\windows\system32\secur32.dll
    2010-06-26 18:16 . 2010-06-26 18:16 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2010-06-26 18:16 . 2010-06-26 18:16 216576 ----a-w- c:\windows\system32\msv1_0.dll
    2010-06-26 18:16 . 2010-06-26 18:16 175104 ----a-w- c:\windows\system32\wdigest.dll
    2010-06-26 18:16 . 2010-06-26 18:16 1233920 ----a-w- c:\windows\system32\lsasrv.dll
    2010-06-26 18:15 . 2010-06-26 18:15 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-06-26 18:15 . 2010-06-26 18:15 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-06-26 18:15 . 2010-06-26 18:15 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-06-26 18:14 . 2010-06-26 18:14 2855424 ----a-w- c:\windows\system32\mf.dll
    2010-06-26 18:14 . 2010-06-26 18:14 98816 ----a-w- c:\windows\system32\mfps.dll
    2010-06-26 18:14 . 2010-06-26 18:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
    2010-06-26 18:14 . 2010-06-26 18:14 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2010-06-26 18:14 . 2010-06-26 18:14 2048 ----a-w- c:\windows\system32\mferror.dll
    2010-06-26 18:13 . 2010-06-26 18:13 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-26 18:13 . 2010-06-26 18:13 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-26 18:12 . 2010-06-26 18:12 376832 ----a-w- c:\windows\system32\winhttp.dll
    2010-06-26 18:11 . 2010-06-26 18:11 434176 ----a-w- c:\windows\system32\vbscript.dll
    2010-06-26 18:10 . 2010-06-26 18:10 71680 ----a-w- c:\windows\system32\atl.dll
    2010-06-26 18:10 . 2010-06-26 18:10 297472 ----a-w- c:\windows\system32\gdi32.dll
    2010-06-26 18:07 . 2010-06-26 18:07 500736 ----a-w- c:\windows\system32\msdtcprx.dll
    2010-06-26 18:07 . 2010-06-26 18:07 30208 ----a-w- c:\windows\system32\xolehlp.dll
    2010-06-26 18:07 . 2010-06-26 18:07 156160 ----a-w- c:\windows\system32\wkssvc.dll
    2010-06-26 18:06 . 2010-06-26 18:06 36352 ----a-w- c:\windows\system32\tsgqec.dll
    2010-06-26 18:06 . 2010-06-26 18:06 1871872 ----a-w- c:\windows\system32\mstscax.dll
    2010-06-26 18:06 . 2010-06-26 18:06 116736 ----a-w- c:\windows\system32\aaclient.dll
    2010-06-26 18:05 . 2010-06-26 18:05 268800 ----a-w- c:\windows\system32\es.dll
    2010-06-26 18:01 . 2010-06-26 18:01 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2010-06-26 18:01 . 2010-06-26 18:01 428032 ----a-w- c:\windows\system32\EncDec.dll
    2010-06-26 18:01 . 2010-06-26 18:01 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2010-06-26 17:58 . 2010-06-26 17:58 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-06-26 17:56 . 2010-06-26 17:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-06-26 17:54 . 2010-06-26 17:54 696832 ----a-w- c:\windows\system32\localspl.dll
    2010-06-26 17:52 . 2010-06-26 17:52 2923520 ----a-w- c:\windows\explorer.exe
    2010-06-26 17:50 . 2010-06-26 17:50 171520 ----a-w- c:\windows\system32\wintrust.dll
    2010-06-26 17:48 . 2010-06-26 17:48 549888 ----a-w- c:\windows\system32\rpcss.dll
    2010-06-26 17:48 . 2010-06-26 17:48 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2010-06-26 17:48 . 2010-06-26 17:48 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
    2010-06-26 17:48 . 2010-06-26 17:48 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2010-06-26 17:48 . 2010-06-26 17:48 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
    2010-06-26 17:48 . 2010-06-26 17:48 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2010-06-26 17:48 . 2010-06-26 17:48 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
    2010-06-26 17:48 . 2010-06-26 17:48 97280 ----a-w- c:\windows\system32\iasrecst.dll
    2010-06-26 17:48 . 2010-06-26 17:48 53248 ----a-w- c:\windows\system32\iasads.dll
    2010-06-26 17:48 . 2010-06-26 17:48 37888 ----a-w- c:\windows\system32\iasdatastore.dll
    2010-06-26 17:48 . 2010-06-26 17:48 158720 ----a-w- c:\windows\system32\sdohlp.dll
    2010-06-26 17:44 . 2010-06-26 17:44 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2010-06-26 17:44 . 2010-06-26 17:44 213592 ----a-w- c:\windows\system32\drivers\netio.sys
    2010-06-26 17:44 . 2010-06-26 17:44 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2010-06-26 17:44 . 2010-06-26 17:44 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
    2010-06-26 17:44 . 2010-06-26 17:44 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
    2010-06-26 17:44 . 2010-06-26 17:44 22016 ----a-w- c:\windows\system32\netiougc.exe
    2010-06-26 17:44 . 2010-06-26 17:44 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-06-26 17:42 . 2010-06-26 17:42 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-06-26 17:41 . 2010-06-26 17:41 25600 ----a-w- c:\windows\system32\amxread.dll
    2010-06-26 17:41 . 2010-06-26 17:41 14848 ----a-w- c:\windows\system32\apilogen.dll
    2010-06-26 17:31 . 2010-06-26 17:31 97792 ----a-w- c:\windows\system32\cabview.dll
    2010-06-26 17:30 . 2010-06-26 17:30 2031104 ----a-w- c:\windows\system32\win32k.sys
    2010-06-26 17:28 . 2010-06-26 17:28 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2010-06-26 17:26 . 2010-06-26 17:26 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-06-26 17:26 . 2010-06-26 17:26 312320 ----a-w- c:\windows\system32\msdrm.dll
    2010-06-26 17:26 . 2010-06-26 17:26 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-06-26 17:26 . 2010-06-26 17:26 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-06-26 17:26 . 2010-06-26 17:26 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-06-26 17:26 . 2010-06-26 17:26 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-06-26 17:26 . 2010-06-26 17:26 515584 ----a-w- c:\windows\system32\RMActivate.exe
    2010-06-26 17:26 . 2010-06-26 17:26 473088 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-06-26 17:26 . 2010-06-26 17:26 472576 ----a-w- c:\windows\system32\secproc.dll
    2010-06-26 17:25 . 2010-06-26 17:25 269824 ----a-w- c:\windows\system32\schannel.dll
    2010-06-26 17:21 . 2010-06-26 17:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-06-26 17:21 . 2010-06-26 17:21 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-06-26 17:21 . 2010-06-26 17:21 1686528 ----a-w- c:\windows\system32\gameux.dll
    2010-06-26 17:20 . 2010-06-26 17:20 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
    2010-06-26 17:20 . 2010-06-26 17:20 94720 ----a-w- c:\windows\system32\logagent.exe
    2010-06-26 17:19 . 2010-06-26 17:19 60928 ----a-w- c:\windows\system32\msasn1.dll
    2010-06-26 17:18 . 2010-06-26 17:18 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-06-26 17:17 . 2010-06-26 17:17 31232 ----a-w- c:\windows\system32\httpapi.dll
    2010-06-26 17:17 . 2010-06-26 17:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
    2010-06-26 17:17 . 2010-06-26 17:17 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-06-26 17:14 . 2010-06-26 17:14 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-26 17:13 . 2010-06-26 17:13 274432 ----a-w- c:\windows\system32\raschap.dll
    2010-06-26 17:13 . 2010-06-26 17:13 232960 ----a-w- c:\windows\system32\rastls.dll
    2010-06-26 17:12 . 2010-06-26 17:12 321536 ----a-w- c:\windows\system32\WSDApi.dll
    2010-06-26 17:09 . 2010-06-26 17:09 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 22528 ----a-w- c:\windows\system32\msyuv.dll
    2010-06-26 17:09 . 2010-06-26 17:09 1327616 ----a-w- c:\windows\system32\quartz.dll
    2010-06-26 17:09 . 2010-06-26 17:09 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-06-26 17:09 . 2010-06-26 17:09 65024 ----a-w- c:\windows\system32\avicap32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 88576 ----a-w- c:\windows\system32\avifil32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 31232 ----a-w- c:\windows\system32\msvidc32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-06-26 17:09 . 2010-06-26 17:09 123904 ----a-w- c:\windows\system32\msvfw32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-26 18:54 . 2007-03-13 06:40 118744 ----a-w- c:\users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-26 18:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-06-26 18:26 . 2010-06-26 18:26 72704 ----a-w- c:\windows\system32\admparse.dll
    2010-06-26 18:26 . 2010-06-26 18:26 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 18:26 . 2010-06-26 18:26 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
    2010-06-26 18:26 . 2010-06-26 18:26 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-26 18:26 . 2010-06-26 18:26 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2010-06-26 18:16 . 2007-11-02 17:18 -------- d-----w- c:\programdata\Microsoft Help
    2010-06-26 17:41 . 2010-06-26 17:41 40960 ----a-w- c:\windows\AppPatch\apihex86.dll
    2010-06-26 17:36 . 2007-11-02 17:29 -------- d-----w- c:\program files\Microsoft Works
    2010-06-26 17:21 . 2010-06-26 17:21 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
    2010-06-26 17:21 . 2010-06-26 17:21 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
    2010-06-26 17:21 . 2010-06-26 17:21 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
    2010-06-26 17:21 . 2010-06-26 17:21 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
    2010-06-26 17:21 . 2010-06-26 17:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
    2010-06-24 20:36 . 2009-03-28 09:41 -------- d-----w- c:\program files\DivX
    2010-06-24 20:33 . 2009-05-05 13:03 -------- d-----w- c:\program files\7-Zip
    2010-06-23 12:37 . 2009-03-31 20:01 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-23 09:20 . 2009-02-27 15:57 -------- d-----w- c:\program files\AskTBar
    2010-06-18 12:53 . 2009-02-27 15:20 -------- d-----w- c:\program files\Common Files\Nero
    2010-06-18 12:27 . 2008-11-11 16:07 -------- d-----w- c:\programdata\Nero
    2010-06-18 11:56 . 2008-11-11 16:07 -------- d-----w- c:\program files\Nero
    2010-06-18 11:27 . 2009-06-17 23:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-18 11:27 . 2009-01-12 16:45 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-18 11:23 . 2009-04-05 16:28 -------- d-----w- c:\users\Tom\AppData\Roaming\Vso
    2010-06-18 11:23 . 2009-04-05 16:28 47360 ----a-w- c:\users\Tom\AppData\Roaming\pcouffin.sys
    2010-06-18 11:23 . 2009-04-05 16:28 47360 ----a-w- c:\users\Tom\AppData\Roaming\pcouffin.sys
    2010-06-18 11:23 . 2009-02-10 11:28 -------- d-----w- c:\program files\mozilla.org
    2010-06-18 11:16 . 2007-12-27 19:35 -------- d-----w- c:\program files\Common Files\Real
    2010-06-18 11:13 . 2009-06-17 12:00 -------- d-----w- c:\program files\The KMPlayer
    2010-06-18 11:07 . 2009-12-22 14:57 -------- d-----w- c:\program files\Veoh Networks
    2010-06-18 11:06 . 2007-10-27 07:43 -------- d-----w- c:\program files\Yahoo!
    2010-06-17 11:27 . 2010-03-04 12:05 439816 ----a-w- c:\users\Tom\AppData\Roaming\Real\Update\setup3.10\setup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-12-04 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-12-21 2640120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-15 1006264]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-10 90192]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-10 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-10 81920]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
    "Skytel"="Skytel.exe" [2007-10-11 1826816]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
    AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2007-3-21 106551]
    AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-11-11 618496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
    R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\Drivers\hcw99bda.sys [2007-02-05 131072]
    R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\Drivers\hcw99rc.sys [2007-02-05 10368]
    S1 aswSP;avast! Self Protection; [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
    S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\DRIVERS\AVerBDA3x.sys [2007-05-21 1180672]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:28]

    2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 09:28]

    2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{DFBD47C7-7712-42B5-BBF4-62A7592889EF}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://virginmedia.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-kmsoaga - c:\users\tom\appdata\local\kmsoaga.bat



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-06-27 16:26
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-06-27 16:31:13
    ComboFix-quarantined-files.txt 2010-06-27 15:31
    ComboFix2.txt 2010-06-26 09:24

    Pre-Run: 48,294,379,520 bytes free
    Post-Run: 48,315,273,216 bytes free

    - - End Of File - - FC689074DF35786108B707544A94E8C0

  8. #8
    broni is offline Senior Member
    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===========================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  9. #9
    yellow4 is offline Junior Member
    Hi
    Thanks for your quick reply. My computer is running a lot quicker. I have noticed that it logs off a lot; it did this a few times whilst I was running the scan. Below are the two logs.

    OTL logfile created on: 27/06/2010 20:12:22 - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Tom\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 44.19 Gb Free Space | 29.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 111.79 Gb Total Space | 111.70 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOM-PC
    Current User Name: Tom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/27 20:10:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
    PRC - [2010/06/26 19:25:56 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
    PRC - [2010/06/26 18:52:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/02/01 23:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/01 23:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/12/22 00:05:10 | 002,640,120 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
    PRC - [2009/04/29 13:46:06 | 001,787,224 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    PRC - [2009/01/24 12:20:35 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    PRC - [2007/10/11 11:53:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/05/15 20:25:14 | 000,098,304 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    PRC - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2005/06/10 11:44:02 | 000,081,920 | R--- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2003/09/12 11:00:00 | 000,049,152 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/27 20:10:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
    MOD - [2006/11/02 10:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2007/08/15 12:58:14 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/23 04:15:50 | 000,188,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe -- (CardBusService)
    SRV - [2007/04/02 14:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2005/01/31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2003/09/12 11:00:00 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (GearSecurity)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/12/12 11:39:44 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
    DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/11/25 00:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2007/10/16 19:39:18 | 001,971,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/05/21 09:42:46 | 001,180,672 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
    DRV - [2007/04/03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
    DRV - [2007/04/03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
    DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
    DRV - [2007/04/03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
    DRV - [2007/04/03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
    DRV - [2007/04/03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
    DRV - [2007/02/10 11:48:00 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/02/05 22:20:24 | 000,010,368 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw99rc.sys -- (hcw99rc)
    DRV - [2007/02/05 22:19:24 | 000,131,072 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw99bda.sys -- (HCW99BDA)
    DRV - [2007/02/05 18:10:34 | 001,122,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P17.SYS -- (P17)
    DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2005/11/09 15:44:48 | 000,024,288 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\ANIO.sys -- (ANIO)
    DRV - [2005/11/03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-US:official"


    [2010/06/23 10:29:46 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
    [2010/06/23 10:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/08/31 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rkni5dgz.default\extensions
    [2009/02/10 12:10:33 | 000,000,000 | ---D | M] (Mostly Crystal) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rkni5dgz.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
    [2009/02/07 23:42:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rkni5dgz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/02/10 12:16:05 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\rkni5dgz.default\extensions\piclens@cooliris.com
    [2010/06/23 13:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/12/27 20:32:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2009/01/14 11:10:15 | 000,000,000 | ---D | M] (Seekeen) -- C:\Program Files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
    [2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
    [2009/01/14 11:10:10 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekeen140.xml

    O1 HOSTS File: ([2010/06/27 16:25:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupda...01/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupda...5106/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Tom\Videos\Pictures\eMuseumPlus9.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Tom\Videos\Pictures\eMuseumPlus9.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 12:18:47 | 000,000,000 | ---D | M]
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (www)
    Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/27 20:10:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
    [2010/06/27 16:31:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/06/27 16:31:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/06/27 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\temp
    [2010/06/27 16:12:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/06/27 16:12:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/06/26 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2010/06/26 18:36:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/26 09:59:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/06/26 09:59:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/06/26 09:59:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/06/26 09:59:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/06/26 09:59:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/25 10:39:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/24 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
    [2010/06/24 10:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/06/23 18:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2010/06/23 13:44:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
    [2010/06/23 10:29:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Thunderbird
    [2010/06/23 10:29:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Thunderbird
    [2010/06/09 08:37:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\eBookPro6

    ========== Files - Modified Within 90 Days ==========

    [2010/06/27 20:15:32 | 005,767,168 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
    [2010/06/27 20:15:04 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DFBD47C7-7712-42B5-BBF4-62A7592889EF}.job
    [2010/06/27 20:10:07 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
    [2010/06/27 20:07:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/27 20:07:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/27 20:06:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/27 20:06:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/27 20:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/27 20:05:52 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/27 20:04:33 | 002,230,779 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
    [2010/06/27 19:57:50 | 000,002,627 | ---- | M] () -- C:\Users\Tom\Desktop\Microsoft Office Word 2007.lnk
    [2010/06/27 19:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/27 17:30:22 | 001,471,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/27 17:30:22 | 000,533,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/27 17:30:21 | 000,327,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/27 16:26:02 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/27 16:25:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/06/26 19:54:22 | 000,118,744 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/06/26 19:53:42 | 000,000,943 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/26 19:53:37 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2010/06/26 19:52:39 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
    [2010/06/26 19:48:22 | 000,420,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/26 19:18:04 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
    [2010/06/26 18:34:01 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
    [2010/06/24 20:26:31 | 311,413,432 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/23 18:10:37 | 001,262,080 | ---- | M] () -- C:\Users\Tom\Desktop\WOT-latest-all.msi
    [2010/06/23 15:22:19 | 000,087,552 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/23 15:11:34 | 024,323,219 | ---- | M] () -- C:\Users\Tom\Documents\EFT WORLD SUMMIT.mp3
    [2010/06/18 12:54:38 | 000,031,097 | ---- | M] () -- C:\Windows\Irremote.ini
    [2010/06/18 12:23:48 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Tom\AppData\Roaming\pcouffin.sys
    [2010/06/18 12:23:48 | 000,007,887 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\pcouffin.cat
    [2010/06/18 12:23:48 | 000,001,144 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\pcouffin.inf
    [2010/05/13 12:44:20 | 000,000,000 | ---- | M] () -- C:\Users\Tom\Desktop\New Microsoft Office Word Document.docx
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe

    ========== Files Created - No Company Name ==========

    [2010/06/26 19:53:37 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
    [2010/06/26 19:18:04 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2010/06/26 09:59:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/06/26 09:59:25 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/06/26 09:59:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/06/26 09:59:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/06/26 09:59:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/06/24 20:26:32 | 2147,016,704 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/23 18:10:30 | 001,262,080 | ---- | C] () -- C:\Users\Tom\Desktop\WOT-latest-all.msi
    [2010/05/13 12:44:20 | 000,000,000 | ---- | C] () -- C:\Users\Tom\Desktop\New Microsoft Office Word Document.docx
    [2009/01/07 21:39:39 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/12/30 20:24:34 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
    [2008/12/30 17:48:12 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LAME_MP3.dll
    [2008/11/11 17:29:33 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
    [2008/11/11 17:29:33 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
    [2008/11/11 17:29:22 | 000,262,144 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
    [2008/11/11 17:29:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
    [2008/01/09 15:18:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2008/01/09 15:14:03 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
    [2008/01/04 15:44:20 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
    [2007/11/02 18:43:53 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2007/11/01 14:44:05 | 000,000,025 | ---- | C] () -- C:\Windows\CDED88.ini
    [2007/04/23 16:54:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
    [2007/03/21 18:38:01 | 000,006,206 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2007/03/13 09:49:51 | 000,001,339 | ---- | C] () -- C:\Windows\System32\Ludap17.ini
    [2007/03/13 09:49:51 | 000,000,039 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
    [2007/03/13 08:37:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
    [2007/03/13 08:01:58 | 000,031,097 | ---- | C] () -- C:\Windows\Irremote.ini
    [2007/03/13 08:01:13 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2005/02/25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
    [2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

    ========== LOP Check ==========

    [2009/01/31 11:25:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Amazon
    [2009/06/18 0044 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Any Video Converter
    [2009/02/27 14:17:12 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canneverbe_Limited
    [2008/12/30 23:48:57 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DataCast
    [2009/02/27 14:51:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DeepBurner Pro
    [2010/06/18 15:13:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\eBookPro6
    [2009/05/23 10:31:32 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\EPSON
    [2007/10/27 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\iPodder
    [2009/01/10 18:49:30 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\NCH Swift Sound
    [2010/03/24 13:32:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenOffice.org
    [2010/06/23 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Thunderbird
    [2010/06/18 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Vso
    [2010/06/27 20:04:50 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/06/27 20:15:04 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DFBD47C7-7712-42B5-BBF4-62A7592889EF}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2007/03/13 1507 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/06/27 16:31:13 | 000,020,280 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/01/12 21:04:54 | 000,000,021 | ---- | M] () -- C:\CTSUFile.txt
    [2009/01/12 19:03:47 | 000,001,422 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2007/03/21 18:33:30 | 000,180,755 | ---- | M] () -- C:\hcwclear.txt
    [2010/06/27 20:05:52 | 2147,016,704 | -HS- | M] () -- C:\hiberfil.sys
    [2009/01/15 19:24:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/01/15 19:24:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/06/27 20:05:51 | 2460,942,336 | -HS- | M] () -- C:\pagefile.sys
    [2007/03/13 08:57:52 | 000,000,326 | ---- | M] () -- C:\uniTvTv.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2006/11/02 10:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2007/08/15 12:52:24 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2007/04/25 17:18:49 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2006/11/02 10:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Video ToolBox Capture:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA5.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA2.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA10.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 047.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 046.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 045.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 044.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 043.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 042.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 041.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 040.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 039.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 038.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 037.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 036.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 035.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 034.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 033.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 032.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 031.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 030.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 029.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 028.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 027.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 026.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 025.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 024.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 023.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 022.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 021.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 020.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 019.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 018.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 017.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 016.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 015.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 014.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 013.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 012.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 011.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 010.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 009.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 008.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 007.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 006.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 005.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 004.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 003.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 002.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 001.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Music Score:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\me and george1.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\me and george 2.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lkme.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lkgroup.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk9.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk8.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk7.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk6.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk56.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk55.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk54.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk53.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk52.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk51.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk50.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk5.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk49.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk48.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk47.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk46.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk45.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk44.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk43.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk42.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk41.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk40.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk39.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk38.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk37.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk36.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk35.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk34.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk33.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk32.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk31.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk30.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk29.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk28.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk27.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk26.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk25.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk24.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk23.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk22.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk21.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk20.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk2.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk19.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk18.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk17.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk16.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk15.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk14.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk13.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk11.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk10.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk1.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Cyberlink:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\9.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\8.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\7.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\6.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\5.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\4.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\3.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\2006-05-07_Madeline_Albright_iPod.mp4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\2.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\15.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\13rr.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\12rr.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\12lk.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\11.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\10.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\1.JPG:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\0324111439Analog TV.jpg:Roxio EMC Stream
    < End of report >

    OTL Extras logfile created on: 27/06/2010 20:12:22 - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Tom\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 44.19 Gb Free Space | 29.65% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 111.79 Gb Total Space | 111.70 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TOM-PC
    Current User Name: Tom
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02A51320-C7C0-464B-8AF2-E7DAB51A9969}" = lport=138 | protocol=17 | dir=in | app=system |
    "{20211335-6DFD-4661-9FFB-95F6CFB99172}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{270F677C-A24B-4D0C-9356-CE74D8F7EBA2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{277A9324-27A2-4FD2-8AD5-99BB756F25C7}" = lport=86 | protocol=6 | dir=in | name=broadcam web server |
    "{31027A80-81A9-436D-8CE0-524D59FD894D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{39A2EE41-1E2D-4EF9-B236-2A79C92932B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{48D34EB6-FCBE-4486-93D0-19D5E8700438}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4CAAB179-2B2E-4CA5-B4E7-3056F83936B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5E6C5271-590C-41D0-92E5-947F9375A089}" = rport=139 | protocol=6 | dir=out | app=system |
    "{603F8C92-C97B-4864-AE99-EB3218D56756}" = rport=137 | protocol=17 | dir=out | app=system |
    "{690356D6-609B-4936-94B0-4B53A6EE1F77}" = lport=139 | protocol=6 | dir=in | app=system |
    "{760C10FE-B9FB-4499-B4A4-9C5818791CF1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8809829B-822E-4F46-9D05-AA1F6CDD3AD4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{94B8B58C-53AC-4FD9-B8AE-7E6EE2BAB449}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A196E5D0-EFBD-4929-A65B-DB1A53CF8181}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AA83C8DB-4AE0-4639-8E6F-1E32879127A9}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B733CE3A-1D62-4E2C-85F5-993D80DD2401}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C6183BA8-C57E-495F-80D5-515449CD3DD9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D6B8E7D6-B56B-4C18-B464-C5B3E0A3E622}" = rport=445 | protocol=6 | dir=out | app=system |
    "{E396BB17-066A-40DB-BEF4-5E8791F85F4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{FFB4FA90-E1E8-4D48-A1C9-750B210C83CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06BC348E-38CE-4F06-BCB5-0C5A3F27C458}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{07C4AE99-AA92-4C3F-A970-787E373DFD84}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
    "{0C198674-49EE-4C5C-B088-A6B5C0196D20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0F46C99B-5B04-45E2-83E8-1C719D77EEFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{30B2A809-ED44-49ED-AB65-CC52618CB21B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{36FA89BB-EBBA-45E2-AC03-C0CD0770229A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{373D5F7A-A2E2-4825-980E-43DCBD055B03}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{38A9B1E2-7B6C-45C7-8B1E-1DA50C46B061}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4DCB9C3B-7DFF-431F-9D66-3CECBD3AC1DB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{5293DD11-8DBF-4EFE-B25B-0212A8FB49FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{56393C20-6B76-48E5-8A83-1F977AF4D91F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{5A996BB5-2CA0-4F5D-B84F-902018750877}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5C1AA07B-7AF7-4E34-8C1F-9D3633D89EA3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{84424376-6AC1-4B8A-ABA3-C017190F7A9C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
    "{944C9EAF-D93E-473F-A480-6ECED2C26899}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A79E063E-C6E8-41CC-959B-46AB5E86085A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A92007A1-0EBF-46FE-8582-A35C59A62DCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AA1F40CC-EEE4-4DE4-988E-29F1F3071A85}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D095E347-8902-4194-9D19-8040D3203FCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D342489A-F5BD-4357-806E-8950E8C87F64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DEA74075-A69B-466B-B792-D564F6E00BF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E59FDF91-DC42-447C-B2F9-D1546B638BFF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E8863491-4DB8-4671-933A-48E6544FEFC9}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{F2EA3AE8-9A69-434E-9A2F-AFED715A6D1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F58C4A45-5032-4E5C-B9C3-1F77117FD96B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F901BC02-948D-427C-9D4B-636B099B995A}" = protocol=6 | dir=out | app=system |
    "TCP Query User{BA7C5AE1-DA74-44A0-B742-795D731ACE76}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{C727E954-1912-4E46-882A-19BE7A578622}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "TCP Query User{EA11466E-364F-4F24-B33D-4EC4F7B59A94}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{EF694BCB-3AE0-4A6A-90EC-4036CFC13B38}C:\users\tom\appdata\local\sgjvbn.exe " = protocol=6 | dir=in | app=c:\users\tom\appdata\local\sgjvbn.exe |
    "UDP Query User{0BF73EFD-EEE0-414D-B273-C721A8E53042}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{69095B1B-54B6-4034-BFEF-34C9864D8B9C}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "UDP Query User{86C3ECA4-CD9A-450B-B100-BE7412C6D796}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{C71DEA82-4E91-4AF6-94A9-DC2C37F7A141}C:\users\tom\appdata\local\sgjvbn.exe " = protocol=17 | dir=in | app=c:\users\tom\appdata\local\sgjvbn.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{27916A66-4A4F-4198-9C69-72833F7842C0}" = FormatFactory
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
    "{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
    "{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
    "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "AudibleDownloadManager" = Audible Download Manager
    "AudibleManager" = AudibleManager
    "avast!" = avast! Antivirus
    "AVerMedia A16A/A16AR PCI Hybrid DVB-T" = AVerMedia A16A/A16AR PCI Hybrid DVB-T 3.5.0.65
    "AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
    "AVS TV Recorder_is1" = AVS TV Recorder 2.1.3
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "Cakewalk Pyro 2004" = Cakewalk Pyro 2004
    "Creative Media Lite" = Creative Media Lite
    "DVD43_is1" = DVD43 v4.6.0
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESD88 User's Guide" = ESD88 User's Guide
    "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
    "Indeo® software" = Indeo® software
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
    "Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MyFreeCodec" = MyFreeCodec
    "novaPDF Professional Desktop 6 printer_is1" = novaPDF Professional Desktop 6.4 printer
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Universal Document Converter_is1" = Universal Document Converter
    "WinRAR archiver" = WinRAR archiver
    "XviD_is1" = XviD MPEG-4 Video Codec

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 27/02/2009 09:50:58 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    Home - Astonsoft failed, 00000084.


    Error - 29/03/2009 11:47:05 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Program Files\FormatFactory\FFModules\mencoder.exe failed, 00000005.

    Error - 24/04/2009 11:06:30 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Program Files\Internet Explorer\iedw.exe failed, 00000005.

    Error - 15/05/2009 07:58:01 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Program Files\Internet Explorer\iedw.exe failed, 00000005.

    Error - 10/06/2009 14:18:31 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SGW0ULSY\6069DanceshowoffWeb[1].jpg
    failed, 00000005.

    Error - 21/06/2009 08:54:14 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Tom\AppData\Local\Mozilla\Firefox\Profiles\rkni5dgz.default\Cache\_CACHE_MAP_
    failed, 00000005.

    Error - 22/06/2009 08:01:08 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    D:\Program\Media Studio\setup.exe failed, 00000015.

    Error - 03/08/2009 03:58:22 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds failed, 00000005.

    Error - 21/03/2010 19:40:05 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Program Files\Ulead Systems\Ulead VideoStudio 10\ukMgr.dll failed, 00000005.


    Error - 18/05/2010 10:08:51 | Computer Name = Tom-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\Tom\AppData\Local\Temp\AcrA196.tmp failed, 00000005.

    [ Application Events ]
    Error - 26/06/2010 15:12:19 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 26/06/2010 15:12:19 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 26/06/2010 15:19:25 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 26/06/2010 15:19:26 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 27/06/2010 10:54:54 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 27/06/2010 10:54:54 | Computer Name = Tom-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 27/06/2010 12:00:23 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 27/06/2010 12:00:23 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 27/06/2010 12:30:18 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 27/06/2010 12:30:18 | Computer Name = Tom-PC | Source = LoadPerf | ID = 3011
    Description =

    [ Media Center Events ]
    Error - 29/08/2007 03:16:56 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 08/29/2007 08:16:56. You may need to reschedule your recordings.

    Error - 04/09/2007 17:06:37 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 21/09/2007 04:40:48 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 23/09/2007 11:13:01 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 09/23/2007 16:13:01. You may need to reschedule your recordings.

    Error - 27/10/2007 13:17:22 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 10/27/2007 18:17:22. You may need to reschedule your recordings.

    Error - 01/11/2007 1036 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 11/01/2007 1436. You may need to reschedule your recordings.

    Error - 04/01/2008 10:53:03 | Computer Name = Tom-PC | Source = ehRecvr | ID = 4
    Description =

    Error - 16/04/2008 17:07:09 | Computer Name = Tom-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 22/07/2008 12:20:26 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 07/22/2008 17:20:26. You may need to reschedule your recordings.

    Error - 23/06/2010 15:07:30 | Computer Name = Tom-PC | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 06/23/2010 20:07:30. You may need to reschedule your recordings.

    [ System Events ]
    Error - 27/06/2010 11:35:42 | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 27/06/2010 11:53:56 | Computer Name = Tom-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 27/06/2010 15:07:33 | Computer Name = Tom-PC | Source = Service Control Manager | ID = 7009
    Description =


    < End of report >

  10. #10
    broni is offline Senior Member
    Update your Java version here: Verify Java Version
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab  (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Video ToolBox Capture:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA5.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA2.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\REBECCA10.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 047.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 046.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 045.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 044.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 043.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 042.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 041.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 040.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 039.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 038.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 037.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 036.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 035.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 034.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 033.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 032.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 031.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 030.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 029.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 028.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 027.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 026.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 025.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 024.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 023.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 022.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 021.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 020.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 019.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 018.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 017.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 016.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 015.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 014.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 013.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 012.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 011.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 010.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 009.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 008.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 007.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 006.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 005.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 004.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 003.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 002.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Picture 001.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Music Score:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\me and george1.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\me and george 2.jpg:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lkme.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lkgroup.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk9.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk8.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk7.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk6.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk56.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk55.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk54.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk53.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk52.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk51.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk50.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk5.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk49.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk48.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk47.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk46.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk45.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk44.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk43.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk42.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk41.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk40.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk39.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk38.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk37.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk36.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk35.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk34.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk33.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk32.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk31.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk30.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk29.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk28.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk27.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk26.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk25.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk24.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk23.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk22.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk21.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk20.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk2.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk19.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk18.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk17.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk16.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk15.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk14.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk13.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk11.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk10.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\lk1.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\Cyberlink:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\9.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\8.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\7.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\6.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\5.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\4.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\3.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\2006-05-07_Madeline_Albright_iPod.mp4:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\2.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\15.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\13rr.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\12rr.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\12lk.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\11.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\10.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\1.JPG:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Tom\Documents\0324111439Analog TV.jpg:Roxio EMC Stream
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
