Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Fake Windows Security Centre causing problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Fake Windows Security Centre causing problems

Unread postby Alochai » May 1st, 2011, 11:51 am

Description of the issue/s:

Woke up one morning (05/04/11) after an update to find "windows Security Center" asking for administrative permission, regrettably I allowed it without thinking. My PC rebooted and when it was back up it had caused massive problems with my pc. It had marked almost all of my documents and programs as hidden, removed my desktop background, was slowing my pc down massively, blocked use of task manager and was making a lot of scareware style pop-ups asking for money to fix the problem. Long term it also gave me a google redirect virus that I removed, although now its back and I cant find it. And there is a hidden process that seems to be accessing websites in the background. I know this because I can hear them, but there is no process or application, and rarely I get "internet explorer script error", I leave these windows open, as it seems to disable the process for the rest of the session.

After a few days work I managed to fix everything that was wrong apart from the google redirects and the hidden internet explorer process. I currently have AVG and HijackThis on my pc and used MalwareBytes for the first time within the last few days, it removed 40 errors AVG hadnt found, including the google redirector, but that is now back.

Notably my AVG -once- complained that there was a bad thread running inside my explorer.exe process, which is obviously system critical, I assume this is to do with the hidden browsing going on behind the curtains, although I could be wrong.

I have used AVG, HJT, Mbam, RUBOTTED, Rootkitbuster and CWSshredder so far, I think that is all.

The DDS logs:
DDS.txt:-
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Simon Harris at 16:40:27.54 on 01/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.510 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Simon Harris\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
mSearchURL = hxxp://www.Google.com/
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: 857060 helper: {6ccbafc1-5285-494f-93f1-6894c87a9c43} - 857060 Class
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a6acae64-f798-4930-ad86-bd3fb32038db} -
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - Windows Live Toolbar Helper
BHO: 1 (0x1) - No File
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Ask Toolbar
BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: Protection Bar: {84938242-5c5b-4a55-b6b9-a1507543b418} -
TB: Internet Service: {254b87bb-510d-41fa-a887-52c5fa9be585} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\docume~1\simonh~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\ereg\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d7050v5\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {0fe36c74-667b-454b-828e-75e4e72cbef8}: causes
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\simonh~1\applic~1\mozilla\firefox\profiles\evl7qoue.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox ... B:official
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_UK&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-9-28 38144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-5-1 54760]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-4-7 439632]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [2008-9-28 238848]
S2 gb;gb;c:\windows\system32\svchost.exe -k netsvcs [2004-6-24 14336]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\bt4501g.sys --> c:\windows\system32\drivers\BT4501G.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswmidin;jswmidin;\??\c:\docume~1\simonh~1\locals~1\temp\jswmidin.sys --> c:\docume~1\simonh~1\locals~1\temp\jswmidin.sys [?]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2008-11-19 30080]
S3 TMHidF;Thrustmaster FireStorm(TM) Wireless Gamepad HID Driver;c:\windows\system32\drivers\tmhidf.sys --> c:\windows\system32\drivers\TMHidF.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-6-24 14336]
.
=============== Created Last 30 ================
.
2011-05-01 10:41:59 -------- d-----w- c:\docume~1\simonh~1\applic~1\Windows Search
2011-05-01 10:11:18 -------- d-----w- c:\documents and settings\simon harris\Tracing
2011-05-01 10:09:59 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-05-01 10:08:43 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-05-01 10:07:23 -------- d-----w- c:\program files\Microsoft
2011-05-01 10:07:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-05-01 10:06:25 4927864 ----a-w- c:\program files\common files\windows live\.cache\6ded26801cc07e7\Silverlight.2.0.exe
2011-05-01 10:04:53 74520 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\DSETUP.dll
2011-05-01 10:04:53 484632 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\DXSETUP.exe
2011-05-01 10:04:53 1670936 ----a-w- c:\program files\common files\windows live\.cache\376820741cc07e7\dsetup32.dll
2011-05-01 10:04:36 1013800 ----a-w- c:\program files\common files\windows live\.cache\2d330f241cc07e7\WindowsXP-KB954708-x86-ENU.exe
2011-05-01 09:51:43 -------- d-----w- c:\program files\common files\Windows Live
2011-05-01 09:50:20 -------- d-----w- c:\windows\system32\winrm
2011-05-01 09:50:15 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-05-01 09:49:52 -------- d-----w- c:\docume~1\simonh~1\locals~1\applic~1\Identities
2011-05-01 09:49:48 -------- d-----w- c:\docume~1\simonh~1\applic~1\Windows Desktop Search
2011-05-01 09:49:13 -------- d-----w- c:\windows\system32\GroupPolicy
2011-05-01 09:49:13 -------- d-----w- c:\program files\Windows Desktop Search
2011-04-29 15:06:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 14:29:27 -------- d-----w- c:\docume~1\simonh~1\applic~1\Malwarebytes
2011-04-29 14:29:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-28 02:02:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-04-26 20:10:53 53248 ----a-r- c:\docume~1\simonh~1\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2011-04-26 20:08:57 -------- d-----w- c:\program files\common files\LWS
2011-04-26 19:51:01 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-04-26 19:51:01 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-04-26 19:50:38 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-04-26 19:50:38 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-04-26 19:50:37 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-04-24 09:04:39 -------- d-----w- c:\program files\World of Warcraft
2011-04-24 09:04:39 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2011-04-24 09:03:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2011-04-07 21:06:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-04-07 15:05:23 -------- d-----w- c:\program files\WinPcap
2011-04-07 15:04:45 -------- d-----w- c:\program files\Trend Micro
2011-04-07 14:54:14 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-07 13:58:37 -------- d-----w- c:\program files\Bethesda Softworks
2011-04-07 12:22:32 -------- d-----w- c:\docume~1\simonh~1\applic~1\uTorrent
2011-04-06 19:06:31 -------- d-----w- c:\docume~1\simonh~1\applic~1\AVG
2011-04-06 14:57:58 -------- d--h--w- C:\$AVG
2011-04-06 14:53:22 -------- d-----w- c:\docume~1\simonh~1\applic~1\AVG10
2011-04-06 14:22:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-06 14:20:43 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-06 14:20:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-06 13:46:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-06 13:46:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-06 13:41:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-02 02:17:43 -------- d-----w- c:\docume~1\simonh~1\applic~1\Uzwi
.
==================== Find3M ====================
.
2011-04-01 05:10:46 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-04-01 05:10:24 543328 ----a-w- c:\windows\system32\LVUI2.dll
2011-04-01 05:08:56 195168 ----a-w- c:\windows\system32\lvci13251014.dll
2011-04-01 05:08:36 301664 ----a-w- c:\windows\system32\lvcodec2.dll
2011-04-01 05:07:02 10877272 ----a-w- c:\windows\system32\LogiDPP.dll
2011-04-01 05:07:02 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-04-01 05:06:56 331608 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-04-01 04:56:20 39318 ----a-w- c:\windows\system32\Repository.reg
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 16:41:01.62 ===============

Attach.txt:-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/06/2004 16:09:24
System Uptime: 01/05/2011 11:36:22 (5 hours ago)
.
Motherboard: | | SiS-661
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 478 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 114 GiB total, 65.309 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_1B101019&REV_10\3&61AAA01&1&70
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_1B101019&REV_10\3&61AAA01&1&70
Service: RTL8023
.
==== System Restore Points ===================
.
RP1034: 11/03/2011 03:00:18 - Software Distribution Service 3.0
RP1035: 12/03/2011 03:00:22 - Software Distribution Service 3.0
RP1036: 14/03/2011 07:05:16 - System Checkpoint
RP1037: 15/03/2011 07:14:44 - System Checkpoint
RP1038: 16/03/2011 08:02:44 - System Checkpoint
RP1039: 17/03/2011 08:26:43 - System Checkpoint
RP1040: 18/03/2011 09:22:40 - System Checkpoint
RP1041: 19/03/2011 10:22:39 - System Checkpoint
RP1042: 20/03/2011 10:58:39 - System Checkpoint
RP1043: 21/03/2011 11:22:38 - System Checkpoint
RP1044: 21/03/2011 13:53:52 - Installed %1 %2.
RP1045: 21/03/2011 13:53:57 - Printer Driver Microsoft XPS Document Writer Installed
RP1046: 22/03/2011 03:00:27 - Software Distribution Service 3.0
RP1047: 23/03/2011 03:00:24 - Software Distribution Service 3.0
RP1048: 23/03/2011 04:19:31 - Printer Driver Microsoft XPS Document Writer Installed
RP1049: 24/03/2011 03:00:21 - Software Distribution Service 3.0
RP1050: 25/03/2011 03:00:28 - Software Distribution Service 3.0
RP1051: 26/03/2011 03:00:24 - Software Distribution Service 3.0
RP1052: 27/03/2011 14:50:33 - System Checkpoint
RP1053: 30/03/2011 16:21:14 - System Checkpoint
RP1054: 01/04/2011 05:11:43 - System Checkpoint
RP1055: 02/04/2011 05:20:56 - System Checkpoint
RP1056: 03/04/2011 06:20:56 - System Checkpoint
RP1057: 04/04/2011 06:32:56 - System Checkpoint
RP1058: 05/04/2011 07:08:56 - System Checkpoint
RP1059: 05/04/2011 23:08:05 - Installed Morrowind
RP1060: 05/04/2011 23:10:54 - Removed TES Construction Set
RP1061: 05/04/2011 23:13:26 - Removed Morrowind
RP1062: 05/04/2011 23:14:47 - Installed Morrowind
RP1063: 06/04/2011 13:40:06 - Installed Java(TM) 6 Update 24
RP1064: 06/04/2011 14:45:18 - Restore Operation
RP1065: 06/04/2011 14:54:43 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1066: 06/04/2011 14:54:54 - Installed AVG 2011
RP1067: 06/04/2011 14:55:12 - Removed AVG Identity Protection.
RP1068: 06/04/2011 15:20:25 - Installed AVG 2011
RP1069: 06/04/2011 22:51:06 - Removed Icewind Dale II
RP1070: 06/04/2011 22:51:26 - Removed Icewind Dale II
RP1071: 06/04/2011 22:59:34 - Configured iPod for Windows 2006-06-28
RP1072: 07/04/2011 00:34:47 - Removed Age of Empires III
RP1073: 07/04/2011 00:36:38 - Removed Apple Mobile Device Support
RP1074: 07/04/2011 00:37:51 - Removed Apple Software Update
RP1075: 07/04/2011 00:38:21 - Removed Apple Application Support
RP1076: 07/04/2011 00:53:55 - Removed Severance: Blade of Darkness
RP1077: 07/04/2011 01:05:13 - Removed iTunes
RP1078: 07/04/2011 01:11:13 - Removed Java DB 10.2.2.0
RP1079: 07/04/2011 01:16:50 - Removed Ventrilo Server
RP1080: 07/04/2011 01:17:18 - Removed Ventrilo Client
RP1081: 07/04/2011 01:18:16 - Removed Windows Live Messenger
RP1082: 07/04/2011 01:19:42 - Removed Windows Live Sign-in Assistant
RP1083: 07/04/2011 01:20:20 - Removed Replay
RP1084: 07/04/2011 01:21:34 - Removed Java(TM) SE Development Kit 6 Update 2
RP1085: 07/04/2011 01:23:51 - Removed Java(TM) 6 Update 7
RP1086: 07/04/2011 01:24:38 - Removed Java(TM) 6 Update 2
RP1087: 07/04/2011 01:25:42 - Removed Java(TM) 6 Update 12
RP1088: 07/04/2011 01:28:51 - Removed Age of Empires III
RP1089: 07/04/2011 01:29:20 - Removed Microsoft Silverlight
RP1090: 07/04/2011 01:38:41 - Removed Bonjour
RP1091: 07/04/2011 13:25:14 - Removed Age of Empires III
RP1092: 07/04/2011 14:58:37 - Installed Morrowind
RP1093: 09/04/2011 00:56:55 - Installed Tribunal
RP1094: 09/04/2011 00:59:04 - Installed Tribunal
RP1095: 09/04/2011 01:05:55 - Installed Bloodmoon
RP1096: 09/04/2011 03:00:20 - Software Distribution Service 3.0
RP1097: 12/04/2011 02:19:48 - System Checkpoint
RP1098: 13/04/2011 03:41:26 - System Checkpoint
RP1099: 14/04/2011 12:13:43 - Software Distribution Service 3.0
RP1100: 15/04/2011 16:18:04 - System Checkpoint
RP1101: 15/04/2011 18:37:28 - RegZooka Safe Scan Backup
RP1102: 16/04/2011 20:43:52 - System Checkpoint
RP1103: 17/04/2011 21:31:01 - System Checkpoint
RP1104: 18/04/2011 21:31:07 - System Checkpoint
RP1105: 20/04/2011 01:55:43 - System Checkpoint
RP1106: 21/04/2011 02:02:21 - System Checkpoint
RP1107: 22/04/2011 12:17:42 - System Checkpoint
RP1108: 23/04/2011 17:21:38 - System Checkpoint
RP1109: 26/04/2011 23:41:57 - System Checkpoint
RP1110: 27/04/2011 23:57:35 - System Checkpoint
RP1111: 28/04/2011 03:00:16 - Software Distribution Service 3.0
RP1112: 29/04/2011 03:32:58 - System Checkpoint
RP1113: 30/04/2011 03:00:16 - Software Distribution Service 3.0
RP1114: 01/05/2011 03:20:30 - System Checkpoint
RP1115: 01/05/2011 10:44:20 - Software Distribution Service 3.0
RP1116: 01/05/2011 10:48:12 - Software Distribution Service 3.0
RP1117: 01/05/2011 12:09:56 - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP1118: 01/05/2011 12:13:40 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Adobe Setup
Adobe Shockwave Player 11
Adobe Update Manager CS3
Ask Toolbar
AVG 2011
AVG PC Tuneup 2011
Belkin Wireless G USB Adapter Software
Bonjour
CameraHelperMsi
erLT
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Morrowind
Mozilla Firefox (3.6.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Driver
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
Popup Blocker (Windows Live Toolbar)
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Samsung PC Studio 2.0 PIM & File Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Segoe UI
Skype Toolbars
Skype™ 5.1
Tabbed Browsing (Windows Live Toolbar)
TravianManager
Trend Micro RUBotted 2.0 Beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2492386)
VideoLAN VLC media player 0.8.6b
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.1
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
29/04/2011 15:49:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
29/04/2011 15:49:09, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
29/04/2011 14:04:01, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 04030209, parameter4 e23f31c8.
28/04/2011 03:00:20, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
01/05/2011 12:10:08, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
01/05/2011 11:37:53, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
01/05/2011 11:37:21, error: Service Control Manager [7023] - The gb service terminated with the following error: The specified module could not be found.
01/05/2011 11:08:00, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
01/05/2011 11:08:00, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/05/2011 11:07:59, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

Thanks.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am
Advertisement
Register to Remove

Re: Fake Windows Security Centre causing problems

Unread postby askey127 » May 3rd, 2011, 3:09 pm

Hi Alochai,
We need to remove the AVG programs so our tools will run correctly.
-------------------------------------------------------
Download and Run Unhide
New tool to fix files that were made hidden by the HDD Defrag rogues.
This program unhide.exe will attrib -h all files located on the computer's fixed disks.
Please note that this will unhide even those that are purposely hidden.
Will not touch files that are system files and meant to be hidden by Windows.

http://download.bleepingcomputer.com/grinler/unhide.exe
Save to your desktop and double click to run it.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove AVG programs and the obsolete Adobe Reader Using the Control Panel
(We will replace Adobe Reader later)
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click these Entries, choose Uninstall/Change, and give permission to Continue:

AVG 2011
AVG PC Tuneup 2011
Adobe Reader 6.0

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take a hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
      as OTL (should be on your desktop). Extras.txt will not be present if you have run OTL before.
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
  • The log from Antivir
  • OTL.txt
  • Extras.txt
Feel free to use separate replies.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Fake Windows Security Centre causing problems

Unread postby Alochai » May 3rd, 2011, 6:42 pm

Thankyou askey127 for taking the time to help me.

I downloded and ran unhide with no problems, hopefully thats unhidden any files I missed when I went on a unhiding spree.

Antivir Free was downloaded without problems.

I removed the three programs as per your instructions, no problems there.

Rebooted, as per the instruction, did not notice anything notably different on reboot.

Antivir installed and updated without issue. I set it scanning as per instructions, it found and quarantined 1 trojan.

-notable update- About 5 minutes after the trojan was quarantined a huge amount of IE script error message windows were created, I tried moving a few to see how many there were, it looked like one of those cases where the windows were going on 'ad infinitum'. My PC at that point was basically unusable and I had to use the task manager to initiate a shutdown. At that time the computer mentioned that both the explorer.exe and ctfmon.exe processes had crashed. Since reboot the symptoms of random background audio and IE script error window popups seems to be gone. The Google redirect symptom has not disappeared.

I ran OTL as per instructions after the reboot.

All logs in seperate posts coming up.

Thanks again, Alochai.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Avira Report

Unread postby Alochai » May 3rd, 2011, 6:44 pm

Avira AntiVir Personal
Report file date: 03 May 2011 21:37

Scanning for 2661324 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY_WORLD

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 01/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 01/04/2011 16:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2011 16:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 01/04/2011 16:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 15:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 15:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 20:34:20
VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 20:34:20
VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 20:34:20
VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 20:34:20
VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 20:34:20
VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 20:34:20
VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 20:34:20
VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 20:34:20
VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 20:34:20
VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 20:34:21
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 20:34:21
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 20:34:22
VBASE015.VDF : 7.11.6.113 137728 Bytes 14/04/2011 20:34:22
VBASE016.VDF : 7.11.6.150 146944 Bytes 18/04/2011 20:34:23
VBASE017.VDF : 7.11.6.192 138240 Bytes 20/04/2011 20:34:23
VBASE018.VDF : 7.11.6.237 156160 Bytes 22/04/2011 20:34:24
VBASE019.VDF : 7.11.7.45 427520 Bytes 27/04/2011 20:34:25
VBASE020.VDF : 7.11.7.64 192000 Bytes 28/04/2011 20:34:26
VBASE021.VDF : 7.11.7.97 182272 Bytes 02/05/2011 20:34:26
VBASE022.VDF : 7.11.7.98 2048 Bytes 02/05/2011 20:34:27
VBASE023.VDF : 7.11.7.99 2048 Bytes 02/05/2011 20:34:27
VBASE024.VDF : 7.11.7.100 2048 Bytes 02/05/2011 20:34:27
VBASE025.VDF : 7.11.7.101 2048 Bytes 02/05/2011 20:34:27
VBASE026.VDF : 7.11.7.102 2048 Bytes 02/05/2011 20:34:27
VBASE027.VDF : 7.11.7.103 2048 Bytes 02/05/2011 20:34:27
VBASE028.VDF : 7.11.7.104 2048 Bytes 02/05/2011 20:34:27
VBASE029.VDF : 7.11.7.105 2048 Bytes 02/05/2011 20:34:27
VBASE030.VDF : 7.11.7.106 2048 Bytes 02/05/2011 20:34:27
VBASE031.VDF : 7.11.7.124 129024 Bytes 03/05/2011 20:34:27
Engineversion : 8.2.4.226
AEVDF.DLL : 8.1.2.1 106868 Bytes 28/03/2011 15:15:27
AESCRIPT.DLL : 8.1.3.60 1249658 Bytes 03/05/2011 20:34:37
AESCN.DLL : 8.1.7.2 127349 Bytes 28/03/2011 15:15:27
AESBX.DLL : 8.1.3.2 254324 Bytes 28/03/2011 15:15:26
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 11:21:38
AEPACK.DLL : 8.2.6.0 549237 Bytes 03/05/2011 20:34:36
AEOFFICE.DLL : 8.1.1.21 205179 Bytes 03/05/2011 20:34:35
AEHEUR.DLL : 8.1.2.112 3473784 Bytes 03/05/2011 20:34:34
AEHELP.DLL : 8.1.16.1 246134 Bytes 28/03/2011 15:15:20
AEGEN.DLL : 8.1.5.4 397684 Bytes 03/05/2011 20:34:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 28/03/2011 15:15:19
AECORE.DLL : 8.1.20.2 196982 Bytes 03/05/2011 20:34:29
AEBB.DLL : 8.1.1.0 53618 Bytes 28/03/2011 15:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 28/03/2011 15:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 01/04/2011 16:07:42
AVREP.DLL : 10.0.0.9 174120 Bytes 03/05/2011 20:34:37
AVREG.DLL : 10.0.3.2 53096 Bytes 01/04/2011 16:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 01/04/2011 16:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 01/04/2011 16:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 01/04/2011 16:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 28/03/2011 15:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 28/03/2011 15:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 01/04/2011 16:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 28/03/2011 15:15:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 03 May 2011 21:37

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'skypePM.exe' - '55' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '45' Module(s) have been scanned
Scan process 'Skype.exe' - '138' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'LWS.exe' - '34' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '29' Module(s) have been scanned
Scan process 'QTTask.exe' - '19' Module(s) have been scanned
Scan process 'RealPlay.exe' - '91' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '23' Module(s) have been scanned
Scan process 'firefox.exe' - '110' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'SeaPort.exe' - '56' Module(s) have been scanned
Scan process 'RUBotSrv.exe' - '70' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '39' Module(s) have been scanned
Scan process 'mdm.exe' - '21' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'UMVPFSrv.exe' - '16' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'svchost.exe' - '180' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '58' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1116' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1112\A0533830.exe
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP1112\A0533830.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e4fd16c.qua'.


End of the scan: 03 May 2011 22:37
Used time: 59:47 Minute(s)

The scan has been done completely.

7387 Scanned directories
206453 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
206452 Files not concerned
6628 Archives were scanned
0 Warnings
2 Notes
413222 Objects were scanned with rootkit scan
1 Hidden objects were found
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

OTL.Txt

Unread postby Alochai » May 3rd, 2011, 6:46 pm

OTL logfile created on: 03/05/2011 23:10:05 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Simon Harris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.35 Gb Total Space | 65.71 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Computer Name: MY_WORLD | User Name: Simon Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
PRC - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2004/02/02 19:08:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/10/09 01:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gb)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/09/08 00:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/01 06:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2011/04/01 06:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/09/16 19:09:24 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/01 06:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/03/08 21:22:11 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/05/17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/09/17 08:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 08:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 08:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/02 19:08:36 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/10/10 02:52:08 | 000,475,788 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 20:25:56 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/26 00:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 23:14:46 | 000,049,024 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/08/21 01:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001/08/18 05:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/18 05:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/18 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 05:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/18 05:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/18 05:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/18 05:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/18 05:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/18 05:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 EA 0F A9 1F F5 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_UK&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/03/25 04:06:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 11:00:51 | 000,000,000 | ---D | M]

[2009/03/29 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Extensions
[2009/03/29 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/03 04:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions
[2011/04/14 12:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 12:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/04/06 14:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\toolbar@ask.com
[2009/12/31 17:30:58 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\searchplugins\askcom.xml
[2011/05/03 04:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/30 11:00:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/16 11:09:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2011/04/06 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/30 11:00:44 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2011/04/30 11:00:44 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2011/04/30 11:00:47 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/09/10 19:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/10 19:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/10 19:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/10 19:48:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/10 19:48:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/10 19:48:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/10 19:48:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/03/22 16:26:59 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 16:26:59 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/03/22 16:26:59 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 16:26:59 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/03/22 16:26:59 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 16:26:59 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/22 16:27:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/03/22 16:27:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/04/05 19:05:58 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (857060 Class) - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: () - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - Reg Error: Value error. File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Internet Service) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {0fe36c74-667b-454b-828e-75e4e72cbef8} - causes - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/27 08:40:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 22:58:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 22:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2011/05/03 22:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/03 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/03 21:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/03 21:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Avira
[2011/05/03 21:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/03 21:33:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/03 21:33:05 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/03 21:33:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/03 21:33:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/03 21:33:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/01 11:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search
[2011/05/01 11:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/01 11:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Tracing
[2011/05/01 11:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/01 11:09:59 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2011/05/01 11:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/01 11:08:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/05/01 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/05/01 11:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/01 11:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/05/01 11:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/05/01 11:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/01 10:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/01 10:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/01 10:50:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/01 10:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/01 10:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\Identities
[2011/05/01 10:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/30 10:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\CyberLink
[2011/04/29 16:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/29 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/29 15:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Malwarebytes
[2011/04/29 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/29 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Security Utilities
[2011/04/28 03:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/04/26 21:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/04/26 21:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\Videos
[2011/04/26 21:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2011/04/26 21:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/04/26 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/04/26 21:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/04/26 20:51:01 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/04/26 20:50:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/04/26 20:50:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/04/26 20:50:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2011/04/26 20:50:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 10:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/07 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/04/07 16:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/04/07 16:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/04/07 16:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro RUBotted
[2011/04/07 16:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/07 15:54:14 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bethesda Softworks
[2011/04/07 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/04/07 13:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\uTorrent
[2011/04/06 23:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Purge
[2011/04/06 15:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\AVG10
[2011/04/06 15:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/06 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/06 14:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon Harris\Recent
[2011/04/06 14:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 23:05:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 23:05:11 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/03 23:04:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 23:04:50 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 21:33:20 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/03 15:12:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/02 03:01:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 16:37:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 11:41:40 | 000,464,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 11:41:40 | 000,079,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 11:37:03 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 10:49:26 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 13:45:28 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/30 10:12:57 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/04/07 15:54:14 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 21:33:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/01 16:37:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 10:49:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/05/01 10:49:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 10:11:49 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/24 10:04:39 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/04/07 14:58:38 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk
[2011/04/01 06:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 06:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 06:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 05:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/12/31 01:21:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 13:21:26 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/17 16:39:32 | 000,026,736 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/19 14:55:30 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2008/10/12 00:06:37 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/28 15:04:20 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2008/09/11 09:40:31 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 15:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/21 01:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/12 15:31:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/13 20:27:10 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/03/31 17:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/03/13 21:19:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/02 21:52:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/03/02 21:52:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/02/16 14:48:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/01 15:11:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/30 18:51:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/10/30 18:51:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/07/29 13:33:10 | 000,000,287 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/17 16:46:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/11 14:18:48 | 000,002,115 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/04/29 23:49:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2005/02/05 22:44:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/02/05 22:44:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/02/05 22:44:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/01/15 12:50:39 | 000,000,381 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/12 00:24:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\INSIGHT.INI
[2004/09/20 21:23:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/20 18:57:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\SCNIMAGE.INI
[2004/09/20 18:27:24 | 000,005,090 | ---- | C] () -- C:\WINDOWS\cool.ini
[2004/09/20 18:26:08 | 000,127,023 | ---- | C] () -- C:\WINDOWS\c96unins.exe
[2004/07/27 12:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/07/27 12:45:12 | 000,000,009 | ---- | C] () -- C:\WINDOWS\GSP_APRG.INI
[2004/07/22 20:01:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2004/07/17 00:51:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/07/17 00:50:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\lyriq.INI
[2004/07/04 15:12:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/06/28 15:31:30 | 000,000,729 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/06/28 15:31:07 | 000,000,114 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/06/24 22:13:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/06/24 22:13:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/06/24 22:13:38 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/06/24 22:13:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/06/24 22:13:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 22:13:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/06/24 22:13:06 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/06/24 22:12:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/06/24 22:11:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/24 16:21:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/02/02 19:30:39 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2004/02/02 19:30:39 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/02/02 19:30:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/02/02 19:30:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2004/02/02 19:30:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2004/02/02 19:08:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/02 19:02:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/02/02 18:57:44 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/02/02 18:57:41 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/02/02 18:56:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/01/31 00:59:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2003/11/17 18:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 18:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/03/27 14:28:14 | 000,001,384 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/27 14:27:26 | 000,464,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/27 14:27:26 | 000,079,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/27 09:50:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/27 08:43:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/27 08:38:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/27 07:32:24 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/27 00:33:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1997/04/01 00:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/05/03 21:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/07 13:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/04/16 06:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/06 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/15 02:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/03 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/20 20:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wmp
[2009/09/10 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/24 12:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/06 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\AVG10
[2009/04/05 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\BitZipper
[2011/04/07 01:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dev-Cpp
[2011/04/06 15:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dropbox
[2009/04/07 21:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\gtk-2.0
[2011/04/26 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2008/09/05 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Obsidium
[2011/03/23 23:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\UDP Software
[2011/04/07 13:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\uTorrent
[2011/04/06 15:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Uzwi
[2008/08/21 17:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Viewpoint
[2011/05/01 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 11:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8178B8D6
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C

< End of report >
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Extras.Txt

Unread postby Alochai » May 3rd, 2011, 6:51 pm

OTL Extras logfile created on: 03/05/2011 23:10:05 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Simon Harris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.35 Gb Total Space | 65.71 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Computer Name: MY_WORLD | User Name: Simon Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"3784:TCP" = 3784:TCP:*:Enabled:VentTCP
"3784:UDP" = 3784:UDP:*:Enabled:VentUDP
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A1919-3BBA-4BD5-8B3C-3851879AC185}" = Morrowind
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Software
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer Basic
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TravianManager" = TravianManager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2011 08:40:34 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x0018bf63.

Error - 25/04/2011 10:27:48 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00037696.

Error - 25/04/2011 12:25:27 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x0018bf63.

Error - 25/04/2011 14:36:48 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x0018bf63.

Error - 25/04/2011 14:42:04 | Computer Name = MY_WORLD | Source = ESENT | ID = 490
Description = svchost (1772) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 27/04/2011 16:59:03 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application morrowind.exe, version 1.6.0.1820, faulting module
morrowind.exe, version 1.6.0.1820, fault address 0x00189184.

Error - 01/05/2011 06:39:22 | Computer Name = MY_WORLD | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 01/05/2011 11:37:47 | Computer Name = MY_WORLD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIMON HARRIS\MY DOCUMENTS\DOWNLOADS\TMRBLOG\SYSTEM>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 03/05/2011 16:03:20 | Computer Name = MY_WORLD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module wzcsvc.dll, version 5.1.2600.5512, fault address 0x0002d3ae.

Error - 03/05/2011 16:03:34 | Computer Name = MY_WORLD | Source = Application Error | ID = 1001
Description = Fault bucket 739266278.

[ System Events ]
Error - 03/05/2011 16:40:11 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:40:13 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:40:14 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:40:16 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:47:25 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:47:25 | Computer Name = MY_WORLD | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 03/05/2011 16:52:22 | Computer Name = MY_WORLD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 03/05/2011 16:52:22 | Computer Name = MY_WORLD | Source = VolSnap | ID = 393230
Description = The shadow copy of volume C: was aborted because of an IO failure.

Error - 03/05/2011 18:05:09 | Computer Name = MY_WORLD | Source = Service Control Manager | ID = 7023
Description = The gb service terminated with the following error: %%126

Error - 03/05/2011 18:07:17 | Computer Name = MY_WORLD | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).


< End of report >
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Re: Fake Windows Security Centre causing problems

Unread postby Alochai » May 4th, 2011, 6:16 am

-Overnight update- The random background audio and IE script error symptoms are not gone, they were just taking their time to manifest themselves.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Re: Fake Windows Security Centre causing problems

Unread postby askey127 » May 4th, 2011, 7:18 am

Alochai,
-----------------------------------------------------------
About Starforce
There are games that install Starforce drivers without asking permission. They control a large part of your machine, and are not removed when the Games are uninstalled.
A description is here: http://en.wikipedia.org/wiki/StarForce
These drivers really corrupt your system to suit the objectives of the games purveyors.
The list of games is here: http://groups.google.com/group/boycott-starforce/web/games-list
Instructions to Uninstall the Starforce drivers are here: http://www.glop.org/starforce/detect.php

I would suggest that you go through the process to Uninstall those drivers, but it's your call.
I will help with that if you wish, or you may be able to do it yourself, using those Uninstall instructions.
It's your call, but if you decide to keep them, I cannot guarantee that the corrections we make to fix your system will work with Starforce drivers. It's possible that the system could "break", and Windows would have to be re-installed..

I am ready to do some changes and removals, but I wanted to let you know about this first.
Let me know what you would like to do.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Fake Windows Security Centre causing problems

Unread postby Alochai » May 4th, 2011, 5:34 pm

Thankyou for bringing that potentially dangerous backdoor into my system to my attention, i'll be more careful of that product in the future.

As far as I know, all traces of StarForce are gone from my PC, after running the tool I searched the folder directories and registry manually, some registry keys remained, but after altering permissions on those keys I was able to remove them.

Edit- Learn to proofread.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Re: Fake Windows Security Centre causing problems

Unread postby askey127 » May 4th, 2011, 6:17 pm

Alochai,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    DRV - [2005/05/17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2005/05/16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_UK&q="
    [2011/04/06 14:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\toolbar@ask.com
    [2009/12/31 17:30:58 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\searchplugins\askcom.xml
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (857060 Class) - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - Reg Error: Value error. File not found
    O2 - BHO: () - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - Reg Error: Value error. File not found
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Internet Service) - {254B87BB-510D-41FA-A887-52C5FA9BE585} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    C:\WINDOWS\System32\-1
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8178B8D6
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    
    :Files
    C:\WINDOWS\System32\drivers\sfdrv01.sys
    C:\WINDOWS\System32\drivers\sfsync02.sys
    C:\WINDOWS\System32\drivers\sfhlp02.sys
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

OTL.Txt

Unread postby Alochai » May 5th, 2011, 5:55 am

OTL logfile created on: 05/05/2011 09:41:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Simon Harris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.35 Gb Total Space | 66.15 Gb Free Space | 57.85% Space Free | Partition Type: NTFS

Computer Name: MY_WORLD | User Name: Simon Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
PRC - [2011/04/30 11:00:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2004/02/02 19:08:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/10/09 01:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (gb)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/09/08 00:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/01 06:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2011/04/01 06:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/09/16 19:09:24 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/01 06:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/03/08 21:22:11 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/09/17 08:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 08:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 08:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/02 19:08:36 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/10/10 02:52:08 | 000,475,788 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 20:25:56 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/26 00:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 23:14:46 | 000,049,024 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/08/21 01:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001/08/18 05:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/18 05:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/18 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 05:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/18 05:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/18 05:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/18 05:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/18 05:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/18 05:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 EA 0F A9 1F F5 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 11:00:51 | 000,000,000 | ---D | M]

[2009/03/29 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Extensions
[2011/05/05 04:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions
[2011/04/14 12:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 12:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/05 04:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/22 16:26:59 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 16:26:59 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 16:26:59 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 16:27:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/04/05 19:05:58 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {0fe36c74-667b-454b-828e-75e4e72cbef8} - causes - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Simon Harris\Desktop\Purge\My Pictures\Backgrounds\EarthBound Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon Harris\Desktop\Purge\My Pictures\Backgrounds\EarthBound Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/27 08:40:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 09:04:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/03 22:58:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 22:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2011/05/03 22:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/03 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/03 21:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/03 21:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Avira
[2011/05/03 21:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/03 21:33:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/03 21:33:05 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/03 21:33:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/03 21:33:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/03 21:33:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/01 11:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search
[2011/05/01 11:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/01 11:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Tracing
[2011/05/01 11:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/01 11:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/01 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/05/01 11:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/01 11:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/05/01 11:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/05/01 11:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/01 10:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/01 10:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/01 10:50:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/01 10:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/01 10:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\Identities
[2011/05/01 10:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/30 10:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\CyberLink
[2011/04/29 16:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/29 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/29 15:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Malwarebytes
[2011/04/29 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/29 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Security Utilities
[2011/04/28 03:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/04/26 21:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/04/26 21:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\Videos
[2011/04/26 21:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2011/04/26 21:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/04/26 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/04/26 21:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 10:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/07 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/04/07 16:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/04/07 16:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/04/07 16:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro RUBotted
[2011/04/07 16:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/07 15:54:14 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bethesda Softworks
[2011/04/07 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/04/07 13:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\uTorrent
[2011/04/06 23:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Purge
[2011/04/06 15:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\AVG10
[2011/04/06 15:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/06 15:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/06 14:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon Harris\Recent
[2011/04/06 14:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

========== Files - Modified Within 30 Days ==========

[2011/05/05 09:07:40 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/05 09:06:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 09:06:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 09:06:40 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 21:33:20 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/03 15:12:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/02 03:01:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 16:37:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 11:41:40 | 000,464,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 11:41:40 | 000,079,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 11:37:03 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 10:49:26 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 13:45:28 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/30 10:12:57 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/04/07 15:54:14 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk

========== Files Created - No Company Name ==========

[2011/05/03 21:33:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/01 16:37:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 10:49:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/05/01 10:49:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 10:11:49 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/24 10:04:39 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/04/07 14:58:38 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk
[2011/04/01 06:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 06:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 06:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 05:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/12/31 01:21:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 13:21:26 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/17 16:39:32 | 000,026,736 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/19 14:55:30 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2008/10/12 00:06:37 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/28 15:04:20 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2008/09/11 09:40:31 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 15:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/21 01:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/12 15:31:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/13 20:27:10 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/03/31 17:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/03/13 21:19:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/02 21:52:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/03/02 21:52:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/02/16 14:48:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/01 15:11:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/30 18:51:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/10/30 18:51:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/07/29 13:33:10 | 000,000,287 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/17 16:46:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/11 14:18:48 | 000,002,115 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/04/29 23:49:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2005/02/05 22:44:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/02/05 22:44:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/02/05 22:44:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/01/15 12:50:39 | 000,000,381 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/12 00:24:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\INSIGHT.INI
[2004/09/20 21:23:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/20 18:57:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\SCNIMAGE.INI
[2004/09/20 18:27:24 | 000,005,090 | ---- | C] () -- C:\WINDOWS\cool.ini
[2004/09/20 18:26:08 | 000,127,023 | ---- | C] () -- C:\WINDOWS\c96unins.exe
[2004/07/27 12:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/07/27 12:45:12 | 000,000,009 | ---- | C] () -- C:\WINDOWS\GSP_APRG.INI
[2004/07/22 20:01:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2004/07/17 00:51:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/07/17 00:50:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\lyriq.INI
[2004/07/04 15:12:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/06/28 15:31:30 | 000,000,729 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/06/28 15:31:07 | 000,000,114 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/06/24 22:13:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/06/24 22:13:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/06/24 22:13:38 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/06/24 22:13:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/06/24 22:13:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 22:13:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/06/24 22:13:06 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/06/24 22:12:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/06/24 22:11:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/24 16:21:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/02/02 19:30:39 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2004/02/02 19:30:39 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/02/02 19:30:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/02/02 19:30:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2004/02/02 19:30:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2004/02/02 19:08:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/02 19:02:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/02/02 18:57:44 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/02/02 18:57:41 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/02/02 18:56:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/01/31 00:59:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2003/11/17 18:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 18:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/03/27 14:28:14 | 000,001,384 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/27 14:27:26 | 000,464,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/27 14:27:26 | 000,079,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/27 09:50:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/27 08:43:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/27 08:38:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/27 07:32:24 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/27 00:33:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1997/04/01 00:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/05/03 21:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/07 13:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/04/16 06:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/06 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/15 02:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/03 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/20 20:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wmp
[2009/09/10 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/24 12:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/06 15:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\AVG10
[2009/04/05 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\BitZipper
[2011/04/07 01:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dev-Cpp
[2011/04/06 15:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dropbox
[2009/04/07 21:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\gtk-2.0
[2011/04/26 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2008/09/05 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Obsidium
[2011/03/23 23:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\UDP Software
[2011/04/07 13:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\uTorrent
[2011/04/06 15:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Uzwi
[2008/08/21 17:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Viewpoint
[2011/05/01 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 11:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search

========== Purity Check ==========



< End of report >
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

Re: Fake Windows Security Centre causing problems

Unread postby askey127 » May 5th, 2011, 7:30 am

Alochai,
-----------------------------------------------------------
Check Hard Disk For Errors
Press Start->Run, then type or copy/paste the following command into the box and press OK:
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file and icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Trend Micro RUBotted 2.0 Beta
Ask Toolbar

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :Files
    C:\Documents and Settings\Simon Harris\Application Data\uTorrent
    C:\Documents and Settings\Simon Harris\Application Data\AVG10
    C:\Documents and Settings\All Users\Application Data\AVG10
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for the results from the HD check, and the log OTL.txt from the Quick Scan.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Fake Windows Security Centre causing problems

Unread postby Alochai » May 5th, 2011, 8:33 am

I removed Trend Micro RUBotted via the control panel, but the Ask Toolbar was not on that list. I used the registry editor to track down any keys related to ask.com or ask.toolbar so hopefully its as gone as it needs to be.

In particular I did delete the key @{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar in HKLM, that was the only 'ask' key that came up on the scans so that certainly won't come up again.

Thanks again, logs upcoming.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

checkhd.Txt

Unread postby Alochai » May 5th, 2011, 8:34 am

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

119909128 KB total disk space.
50181100 KB in 74588 files.
29564 KB in 6359 indexes.
4 KB in bad sectors.
332652 KB in use by the system.
65536 KB occupied by the log file.
69365808 KB available on disk.

4096 bytes in each allocation unit.
29977282 total allocation units on disk.
17341452 allocation units available on disk.
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am

OTL.Txt

Unread postby Alochai » May 5th, 2011, 8:37 am

OTL logfile created on: 05/05/2011 13:25:38 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Simon Harris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.35 Gb Total Space | 66.14 Gb Free Space | 57.84% Space Free | Partition Type: NTFS

Computer Name: MY_WORLD | User Name: Simon Harris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
PRC - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/15 13:19:44 | 001,564,672 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
PRC - [2004/02/02 19:08:31 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2003/10/09 01:41:10 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RUBotSrv)
SRV - File not found [Auto | Stopped] -- -- (gb)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/01 06:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/09/08 00:05:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/01 06:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C210(UVC)
DRV - [2011/04/01 06:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/09/16 19:09:24 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/06/01 06:13:20 | 000,238,848 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2007/03/08 21:22:11 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/09/17 08:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 08:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 08:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/04 06:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/02 19:08:36 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/10/10 02:52:08 | 000,475,788 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/10/04 20:25:56 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2003/03/26 00:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 23:14:46 | 000,049,024 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/08/21 01:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001/08/18 05:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/18 05:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/18 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/18 05:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/18 05:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/18 05:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/18 05:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/18 05:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/18 05:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 EA 0F A9 1F F5 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 11:00:51 | 000,000,000 | ---D | M]

[2009/03/29 15:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Extensions
[2011/05/05 04:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions
[2011/04/14 12:47:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/14 12:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon Harris\Application Data\Mozilla\Firefox\Profiles\evl7qoue.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/05 04:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/06 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/22 16:26:59 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/22 16:26:59 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/22 16:26:59 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/22 16:27:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2007/04/05 19:05:58 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless G USB Adapter Client Utility.lnk = C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe (Belkin)
O4 - Startup: C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {0fe36c74-667b-454b-828e-75e4e72cbef8} - causes - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Simon Harris\Desktop\Purge\My Pictures\Backgrounds\EarthBound Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon Harris\Desktop\Purge\My Pictures\Backgrounds\EarthBound Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/27 08:40:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 09:04:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/03 22:58:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 22:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2011/05/03 22:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/03 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/03 21:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/03 21:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Avira
[2011/05/03 21:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/05/03 21:33:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/03 21:33:05 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/03 21:33:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/03 21:33:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/03 21:33:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/03 21:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/01 11:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search
[2011/05/01 11:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/05/01 11:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Tracing
[2011/05/01 11:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/01 11:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/01 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/05/01 11:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/05/01 11:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/05/01 11:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/05/01 11:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/01 10:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/01 10:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011/05/01 10:50:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011/05/01 10:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011/05/01 10:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\Identities
[2011/05/01 10:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/05/01 10:49:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/04/30 10:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\CyberLink
[2011/04/29 16:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/29 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/29 15:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Malwarebytes
[2011/04/29 15:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/29 15:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Security Utilities
[2011/04/28 03:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/04/26 21:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/04/26 21:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\My Documents\Videos
[2011/04/26 21:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2011/04/26 21:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/04/26 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011/04/26 21:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/04/26 21:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/04/24 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2011/04/24 10:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2011/04/07 16:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/04/07 16:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/04/07 15:54:14 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bethesda Softworks
[2011/04/07 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/04/06 23:00:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon Harris\Desktop\Purge
[2011/04/06 15:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/06 14:46:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon Harris\Recent
[2011/04/06 14:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

========== Files - Modified Within 30 Days ==========

[2011/05/05 13:23:04 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/05 13:22:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 13:22:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 13:22:32 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 22:58:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon Harris\Desktop\OTL.exe
[2011/05/03 21:33:20 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/03 15:12:39 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/05/02 03:01:00 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/01 16:37:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 11:41:40 | 000,464,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 11:41:40 | 000,079,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/01 11:37:03 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 10:49:26 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 13:45:28 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/30 10:12:57 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/04/07 15:54:14 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/04/07 14:58:38 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk

========== Files Created - No Company Name ==========

[2011/05/03 21:33:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 21:02:34 | 000,504,657 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\unhide.exe
[2011/05/01 16:37:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Desktop\dds.scr
[2011/05/01 10:49:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/05/01 10:49:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/04/30 10:11:49 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/29 16:00:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Local Settings\Application Data\housecall.guid.cache
[2011/04/29 12:45:04 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Simon Harris\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/26 21:08:35 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/04/24 10:04:39 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/04/07 16:05:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/04/07 14:58:38 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Morrowind.lnk
[2011/04/01 06:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 06:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 06:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 05:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/12/31 01:21:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/06/04 13:21:26 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/02/17 16:39:32 | 000,026,736 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/11/19 14:55:30 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2008/10/12 00:06:37 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/28 15:04:20 | 000,013,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\string.ini
[2008/09/11 09:40:31 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/16 15:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/03/21 01:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/02/12 15:31:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/13 20:27:10 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/03/31 17:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/03/13 21:19:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/02 21:52:57 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/03/02 21:52:57 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/02/16 14:48:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/01 15:11:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/10/30 18:51:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/10/30 18:51:47 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/07/29 13:33:10 | 000,000,287 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/17 16:46:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/11 14:18:48 | 000,002,115 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/04/29 23:49:16 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wa.INI
[2005/02/05 22:44:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/02/05 22:44:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/02/05 22:44:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/01/15 12:50:39 | 000,000,381 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/12/12 00:24:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\INSIGHT.INI
[2004/09/20 21:23:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/20 18:57:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\SCNIMAGE.INI
[2004/09/20 18:27:24 | 000,005,090 | ---- | C] () -- C:\WINDOWS\cool.ini
[2004/09/20 18:26:08 | 000,127,023 | ---- | C] () -- C:\WINDOWS\c96unins.exe
[2004/07/27 12:45:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/07/27 12:45:12 | 000,000,009 | ---- | C] () -- C:\WINDOWS\GSP_APRG.INI
[2004/07/22 20:01:24 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cgminivw.ini
[2004/07/17 00:51:31 | 000,000,141 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/07/17 00:50:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\lyriq.INI
[2004/07/04 15:12:20 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/06/28 15:31:30 | 000,000,729 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2004/06/28 15:31:07 | 000,000,114 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2004/06/24 22:13:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/06/24 22:13:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/06/24 22:13:38 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/06/24 22:13:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/06/24 22:13:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 22:13:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/06/24 22:13:06 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/06/24 22:12:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/06/24 22:11:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/24 16:21:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2004/02/02 19:30:39 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2004/02/02 19:30:39 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004/02/02 19:30:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004/02/02 19:30:39 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2004/02/02 19:30:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2004/02/02 19:08:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/02 19:02:39 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/02/02 18:57:44 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004/02/02 18:57:41 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/02/02 18:56:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2004/01/31 00:59:49 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2003/11/17 18:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/11/17 18:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/03/27 14:28:14 | 000,001,384 | R--- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/27 14:27:26 | 000,464,244 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/27 14:27:26 | 000,079,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/27 09:50:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/27 08:43:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/27 08:38:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/27 07:32:24 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/27 00:33:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1997/04/01 00:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/04/01 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1996/12/09 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/09 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/04/07 13:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/04/16 06:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/04/06 14:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/15 02:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/05/03 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 17:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/04/20 20:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wmp
[2009/09/10 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/24 12:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/05 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\BitZipper
[2011/04/07 01:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dev-Cpp
[2011/04/06 15:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Dropbox
[2009/04/07 21:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\gtk-2.0
[2011/04/26 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Leadertech
[2008/09/05 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Obsidium
[2011/03/23 23:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\UDP Software
[2011/04/06 15:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Uzwi
[2008/08/21 17:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Viewpoint
[2011/05/01 10:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Desktop Search
[2011/05/01 11:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon Harris\Application Data\Windows Search

========== Purity Check ==========



< End of report >
Alochai
Regular Member
 
Posts: 17
Joined: May 1st, 2011, 6:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 118 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware