Avast came up twice as saying it found a virus during that scan.
OTScanIt logfile created on: 21/11/2008 23:08:28
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Christopher\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
702.17 Mb Total Physical Memory | 103.28 Mb Available Physical Memory | 14.71% Memory free
1.68 Gb Paging File | 1.08 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 38.82 Gb Free Space | 52.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP
Current User Name: Christopher
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\system32\wltrysvc.exe -> [Ver = | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ]
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr = ]
vsnp2uvc.exe -> %SystemRoot%\vsnp2uvc.exe -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr = ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr = ]
padexe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr = ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 404 | Size = 962560 bytes | Modified Date = 22/04/2005 19:54:14 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr = ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr = ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr = ]
skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R ]
pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 16/09/2008 12:16:08 | Attr = RHS]
servic~1.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 70, 45, 1 | Size = 120320 bytes | Modified Date = 07/11/2005 09:09:18 | Attr = ]
belkinwcui.exe -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr = ]
mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.70.161.0 | Size = 471040 bytes | Modified Date = 28/10/2005 12:54:50 | Attr = ]
bluesoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe -> IVT Corporation [Ver = 1, 6, 4, 0 | Size = 1200128 bytes | Modified Date = 20/09/2005 09:28:16 | Attr = ]
skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 2.0.0.58 | Size = 76744 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.4 | Size = 307712 bytes | Modified Date = 15/11/2008 23:59:03 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ]
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 06/04/2005 15:03:28 | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr = ]
(wltrysvc) Broadcom Wireless LAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wltrysvc.exe -> [Ver = | Size = 18944 bytes | Modified Date = 20/01/2006 02:16:02 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 28/06/2005 21:05:00 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ]
AVFX Engine -> %ProgramFiles%\Creative\Creative Live! Cam\VideoFX\StartFX.exe [C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe] -> Creative Technology Ltd. [Ver = 1.12.02.00 | Size = 24576 bytes | Modified Date = 16/08/2006 01:12:00 | Attr = ]
CFSServ.exe -> [CFSServ.exe -NoClient] -> File not found
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found
NDSTray.exe -> [NDSTray.exe] -> File not found
PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077327 bytes | Modified Date = 17/11/2004 10:56:10 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe [C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray] -> Nokia [Ver = 6, 70, 41, 5 | Size = 217088 bytes | Modified Date = 13/12/2005 07:49:08 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 | Attr = ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr = ]
snp2uvc -> %SystemRoot%\vsnp2uvc.exe [C:\WINDOWS\vsnp2uvc.exe] -> Sonix [Ver = 1, 0, 0, 3 | Size = 569344 bytes | Modified Date = 12/03/2007 18:49:16 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 08/10/2004 22:43:12 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 08/10/2004 22:44:24 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 23/05/2008 22:49:54 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PcSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe [C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (468) | Size = 1302528 bytes | Modified Date = 22/02/2006 15:18:10 | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 3, 25 | Size = 1833296 bytes | Modified Date = 16/09/2008 12:16:08 | Attr = RHS]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk -> %ProgramFiles%\Belkin\F5D7011\Belkinwcui.exe -> Belkin [Ver = 2, 1, 7, 48 | Size = 1572864 bytes | Modified Date = 18/04/2006 15:25:14 | Attr = ]
< Christopher Startup Folder > -> C:\Documents and Settings\Christopher\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 01:12:19 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 01:12:38 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 01:12:24 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 01:12:41 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 29/06/2005 06:56:50 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 50 bytes | Modified Date = 01/07/2008 17:53:31 | Attr = ]
< HOSTS File > (287955 bytes and 9968 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5190 domain(s) found. ->
50 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5189 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 04:16:42 | Attr = ]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 23/05/2008 22:50:06 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 04/03/2005 03:54:17 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 23:09:42 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 2, 14 | Size = 1562960 bytes | Modified Date = 15/09/2008 14:25:44 | Attr = RHS]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{20B8D8D4-9FCF-4337-8C59-030E6DBEFB2E} -> () ->
{4D20BC8D-50CD-476E-ABC5-BB2A9F944B7F} -> () ->
{94FCFDC5-07D1-47B9-956D-E54523B0517C} -> 87.250.98.250,87.250.97.250 (Belkin 802.11g Network Adapter) ->
{B11C8138-6A10-42BC-9A35-F9FBA65CD05D} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 12/08/2008 17:19:02 | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211467345664[WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214533828562[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->
[Files/Folders - Created Within 30 days]
mbr.exe -> %SystemDrive%\mbr.exe -> [Ver = | Size = 66048 bytes | Created Date = 20/11/2008 23:34:32 | Attr = ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Created Date = 20/11/2008 17:36:12 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Created Date = 20/11/2008 17:36:11 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 20/11/2008 17:36:11 | Attr = R ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 20/11/2008 17:36:19 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 20/11/2008 17:36:12 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Created Date = 24/10/2008 13:54:00 | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 21/11/2008 22:45:14 | Attr = ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 20/11/2008 17:46:47 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/11/2008 18:23:50 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/11/2008 18:23:50 | Attr = H ]
[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 736350208 bytes | Modified Date = 21/11/2008 22:40:58 | Attr = HS]
mbr.exe -> %SystemDrive%\mbr.exe -> [Ver = | Size = 66048 bytes | Modified Date = 20/11/2008 23:44:45 | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 287955 bytes | Modified Date = 17/11/2008 10:12:42 | Attr = R ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4401 | Size = 85969 bytes | Modified Date = 20/11/2008 17:36:12 | Attr = ]
4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63930 bytes | Modified Date = 21/11/2008 22:45:44 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 406896 bytes | Modified Date = 21/11/2008 22:45:44 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 477670 bytes | Modified Date = 21/11/2008 22:45:44 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 21/11/2008 22:41:31 | Attr = ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21/11/2008 22:41:01 | Attr = S]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14536 | Size = 884736 bytes | Modified Date = 20/11/2008 17:36:12 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 20/11/2008 18:03:32 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 20/11/2008 17:36:12 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 13/11/2008 23:57:51 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/11/2008 18:23:50 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/11/2008 18:23:50 | Attr = H ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 913 bytes | Modified Date = 30/10/2008 01:04:06 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/11/2008 22:41:12 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 15/11/2005 14:33:27 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 13/11/2008 23:38:39 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4646 bytes | Modified Date = 13/11/2008 23:38:39 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 06/08/2008 22:32:06 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8464 bytes | Modified Date = 06/08/2008 22:25:04 | Attr = ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\ -> [Folder | Modified Date = 20/11/2008 17:57:58 | Attr = H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr = ]
C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\ -> [Folder | Modified Date = 20/11/2008 18:03:21 | Attr = H ]
gmer.exe -> C:\Documents and Settings\Christopher\Local Settings\Temp\Temporary Directory 2 for gmer.zip\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Modified Date = 17/04/2008 21:13:02 | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 21/11/2008 22:45:37 | Attr = ]
Perflib_Perfdata_100.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_100.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/11/2008 17:57:17 | Attr = ]
Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/11/2008 17:47:23 | Attr = ]
Perflib_Perfdata_74c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 17/11/2008 11:18:24 | Attr = ]
Perflib_Perfdata_a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 21/11/2008 22:41:18 | Attr = ]
Perflib_Perfdata_a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 19/11/2008 14:09:16 | Attr = ]
Perflib_Perfdata_b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/11/2008 23:47:31 | Attr = ]
Perflib_Perfdata_c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 20/11/2008 17:22:32 | Attr = ]
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\xeda0\x22a\xeda0\x22a\1"
"DeviceDesc"="\xeda0\x22a\xeda0\x22a\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x408"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\eng\display driver\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\20071205\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Alice In Chains\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\ARW Chad\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\ARW OPSECD\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Bosnia Pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Nokia Memory Card\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Rammstein1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Rammstein2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Family Pix 01\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Family pix 02\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Stone Sour\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Jacks Commuinion\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\jacks communion pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\Metallica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080624\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080913\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20080922\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\20081017\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Camera pics\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Nokia Phone Pixs\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Christopher\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 37
< End of report >
_________________________________________________________________________
APPLICATION (There were double ERRORS with the same ID which I didn't include on both Application and System)
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 20/11/2008
Time: 17:24:52
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 11/11/2008
Time: 19:13:47
User: N/A
Computer: LAPTOP
Description:
Hanging application SharePod.exe, version 3.8.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 53 68 61 72 65 50 ShareP
0018: 6f 64 2e 65 78 65 20 33 od.exe 3
0020: 2e 38 2e 37 2e 30 20 69 .8.7.0 i
0028: 6e 20 68 75 6e 67 61 70 n hungap
0030: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0038: 30 20 61 74 20 6f 66 66 0 at off
0040: 73 65 74 20 30 30 30 30 set 0000
0048: 30 30 30 30 0000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 22/10/2008
Time: 13:29:47
User: N/A
Computer: LAPTOP
Description:
Faulting application firefox.exe, version 1.9.0.3188, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001019e.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 69 72 ure fir
0018: 65 66 6f 78 2e 65 78 65 efox.exe
0020: 20 31 2e 39 2e 30 2e 33 1.9.0.3
0028: 31 38 38 20 69 6e 20 6e 188 in n
0030: 74 64 6c 6c 2e 64 6c 6c tdll.dll
0038: 20 35 2e 31 2e 32 36 30 5.1.260
0040: 30 2e 35 35 31 32 20 61 0.5512 a
0048: 74 20 6f 66 66 73 65 74 t offset
0050: 20 30 30 30 31 30 31 39 0001019
0058: 65 0d 0a e..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 13/09/2008
Time: 21:04:40
User: N/A
Computer: LAPTOP
Description:
Faulting application bluesoleil.exe, version 1.6.4.0, faulting module bluesoleil.exe, version 1.6.4.0, fault address 0x000614ca.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 6c 75 ure blu
0018: 65 73 6f 6c 65 69 6c 2e esoleil.
0020: 65 78 65 20 31 2e 36 2e exe 1.6.
0028: 34 2e 30 20 69 6e 20 62 4.0 in b
0030: 6c 75 65 73 6f 6c 65 69 luesolei
0038: 6c 2e 65 78 65 20 31 2e l.exe 1.
0040: 36 2e 34 2e 30 20 61 74 6.4.0 at
0048: 20 6f 66 66 73 65 74 20 offset
0050: 30 30 30 36 31 34 63 61 000614ca
0058: 0d 0a ..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 11/09/2008
Time: 16:04:53
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..
Event Type: Error
Event Source: Application Hang
Event Category: None
Event ID: 1001
Date: 27/08/2008
Time: 09:20:44
User: N/A
Computer: LAPTOP
Description:
Fault bucket 506723909.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 35 30 36 37 32 33 39 30 50672390
0010: 39 0d 0a 9..
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 27/08/2008
Time: 09:20:30
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 27/08/2008
Time: 09:20:28
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 03/08/2008
Time: 08:10:27
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 01/08/2008
Time: 20:47:20
User: N/A
Computer: LAPTOP
Description:
Hanging application YahooMessenger.exe, version 8.1.0.421, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 59 61 68 6f 6f 4d YahooM
0018: 65 73 73 65 6e 67 65 72 essenger
0020: 2e 65 78 65 20 38 2e 31 .exe 8.1
0028: 2e 30 2e 34 32 31 20 69 .0.421 i
0030: 6e 20 68 75 6e 67 61 70 n hungap
0038: 70 20 30 2e 30 2e 30 2e p 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 30/06/2008
Time: 01:09:01
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 17/06/2008
Time: 21:09:44
User: N/A
Computer: LAPTOP
Description:
Faulting application belkinwcui.exe, version 2.1.7.48, faulting module brdcm2k.dll, version 0.9.1.3, fault address 0x00008ea4.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 62 65 6c ure bel
0018: 6b 69 6e 77 63 75 69 2e kinwcui.
0020: 65 78 65 20 32 2e 31 2e exe 2.1.
0028: 37 2e 34 38 20 69 6e 20 7.48 in
0030: 62 72 64 63 6d 32 6b 2e brdcm2k.
0038: 64 6c 6c 20 30 2e 39 2e dll 0.9.
0040: 31 2e 33 20 61 74 20 6f 1.3 at o
0048: 66 66 73 65 74 20 30 30 ffset 00
0050: 30 30 38 65 61 34 0d 0a 008ea4..
___________________________________________________
SYSTEM
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 20/11/2008
Time: 23:48:29
User: N/A
Computer: LAPTOP
Description:
Error code 1000008e, parameter1 c0000005, parameter2 000006f0, parameter3 ef822b50, parameter4 00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 38 1000008
0020: 65 20 20 50 61 72 61 6d e Param
0028: 65 74 65 72 73 20 63 30 eters c0
0030: 30 30 30 30 30 35 2c 20 000005,
0038: 30 30 30 30 30 36 66 30 000006f0
0040: 2c 20 65 66 38 32 32 62 , ef822b
0048: 35 30 2c 20 30 30 30 30 50, 0000
0050: 30 30 30 30 0000
Event Type: Error
Event Source: ipnathlp
Event Category: None
Event ID: 32003
Date: 20/11/2008
Time: 17:57:43
User: N/A
Computer: LAPTOP
Description:
The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 17/11/2008
Time: 00:12:12
User: N/A
Computer: LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 17/11/2008
Time: 00:12:12
User: N/A
Computer: LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 17/11/2008
Time: 00:11:57
User: N/A
Computer: LAPTOP
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 17/11/2008
Time: 00:11:57
User: N/A
Computer: LAPTOP
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 11/11/2008
Time: 17:30:09
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 07/11/2008
Time: 10:54:29
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1001
Date: 26/10/2008
Time: 15:58:22
User: N/A
Computer: LAPTOP
Description:
Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00173F86B07F. The following error occurred:
The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c7 04 00 00 Ç...
Event Type: Error
Event Source: SideBySide
Event Category: None
Event ID: 36
Date: 24/10/2008
Time: 18:48:05
User: N/A
Computer: LAPTOP
Description:
The assembly x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a has missing or invalid files; recovery of this assembly failed.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 23/09/2008
Time: 01:03:04
User: LAPTOP\Christopher
Computer: LAPTOP
Description:
The server {ACF50018-41F8-476D-85FD-CD953DAE4A49} did not register with DCOM within the required timeout.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
__________________________________________________
There are quite a lot of Yellow Warnings?
Event Type: Warning
Event Source: Disk
Event Category: None
Event ID: 51
Date: 07/10/2008
Time: 21:01:50
User: N/A
Computer: LAPTOP
Description:
An error was detected on device \Device\Harddisk2\D during a paging operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 33 00 04 80 ....3..
0010: 2d 01 00 00 00 00 00 00 -.......
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 97 d2 04 00 00 00 00 00 Ò......
0030: ff ff ff ff 03 00 00 00 ÿÿÿÿ....
0038: 40 00 00 4e 00 00 00 00 @..N....
0040: 00 20 0a 12 40 02 20 40 . ..@. @
0048: 00 00 01 00 0a 00 00 00 ........
0050: 00 00 00 00 30 b1 64 82 ....0±d
0058: 00 00 00 00 08 a0 b0 82 ..... °
0060: 00 00 00 00 00 9c 06 00 .......
0068: 28 00 00 06 9c 00 00 00 (......
0070: 80 00 00 00 00 00 00 00 .......
0078: 00 00 00 00 00 00 00 00 ........
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........