akira_yuki13

Windows must now restart because plug and play service terminated unexpectedly

22 posts in this topic

Hi, this is my first time posting in this forum. I would just like to ask for help on removing this annoying virus. This is what happened: I was doing something on my computer when "Windows must now restart because plug and play service terminated unexpectedly" popped up, and sometimes "DCOM" something also pops up, but not at the same time. When it's not the "DCOM", it's the "Plug and Play" thingy. So I did a "shutdown -a" to postpone the reboot and tried to scan it with MBAM, and voilà, str.sys was detected and would be deleted after reboot, yay. But after I rebooted, the same problem persisted, same pop-ups, and then I tried rescanning again, and str.sys was still on my PC. Please help me; here is the HJT log together with the MBAM log. Hoping for your fast reply.

HJT log:

======================================================================

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:44:45 PM, on 10/28/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\TeamViewer\Version5\TeamViewer.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Arron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3GLYWUZ\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts:


Hello akira_yuki13

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


Thanks for your fast response, kahdah. As per your request, here is the OTL log:

OTL logfile created on: 10/28/2010 10:35:07 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 195.41 Gb Total Space | 51.74 Gb Free Space | 26.48% Space Free | Partition Type: NTFS

Drive D: | 368.05 Gb Total Space | 153.93 Gb Free Space | 41.82% Space Free | Partition Type: NTFS

Drive E: | 368.05 Gb Total Space | 285.29 Gb Free Space | 77.51% Space Free | Partition Type: NTFS

Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)

PRC - c:\xampp\mysql\bin\mysqld.exe ()

PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()

PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

========== Modules (SafeList) ==========

MOD - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()

SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()

SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

========== Driver Services (SafeList) ==========

DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 D6 16 62 50 74 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/10/28 20:45:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Google Update] C:\Users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Users\Arron\Downloads\utorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/10/28 12:45:39 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 22:30:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe

[2010/10/28 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/10/28 20:45:02 | 000,000,000 | ---D | C] -- C:\_OTM

[2010/10/28 20:43:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/10/26 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Blaze Media Pro

[2010/10/26 12:22:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}

[2010/10/26 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\PackageAware

[2010/10/21 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/20 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\TeamViewer

[2010/10/20 22:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2010/10/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GTH Documents

[2010/10/19 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\USB

[2010/10/19 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Web joyfze

[2010/10/19 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\ElevatedDiagnostics

[2010/10/13 13:25:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\FileZilla

[2010/10/13 12:11:18 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/10/10 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel

[2010/10/10 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis

[2010/10/10 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Corel

[2010/10/10 12:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/10/10 12:21:08 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys

[2010/10/10 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/10/10 12:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO

[2010/10/10 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\WinRAR

[2010/10/10 12:11:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/10/10 12:11:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/10/10 12:11:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/10/10 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/10/10 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\AskToolbar

[2010/10/10 11:39:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/10/09 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/10/09 22:47:53 | 000,000,000 | -HSD | C] -- C:\Boot

[2010/10/09 22:39:03 | 000,000,000 | ---D | C] -- C:\Windows.old.000

[2010/10/09 22:32:32 | 000,000,000 | ---D | C] -- C:\Windows.old

[2010/10/09 22:01:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/10/09 21:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/10/09 21:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/10/09 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/10/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/10/09 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/10/09 21:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/10/09 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2010/10/09 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/10/09 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\uTorrent

[2010/10/09 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Adobe

[2010/10/09 19:38:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo!

[2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Deployment

[2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Apps

[2010/10/09 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\IndigoRose

[2010/10/09 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/10/09 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose

[2010/10/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AutoPlay Media Studio 8 Trial

[2010/10/09 18:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs

[2010/10/09 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0

[2010/10/09 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis

[2010/10/09 18:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2010/10/09 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Corel

[2010/10/09 17:55:36 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2010/10/09 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/10/09 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2010/10/09 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft Help

[2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/10/09 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

[2010/10/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

[2010/10/09 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2010/10/09 17:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Google

[2010/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386

[2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Visual Studio 2008

[2010/10/09 17:00:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\OneNote Notebooks

[2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My Palettes

[2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My eBooks

[2010/10/09 16:56:43 | 000,000,000 | --SD | C] -- C:\Users\Arron\Documents\My Data Sources

[2010/10/09 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Modern

[2010/10/09 16:56:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\magazine ads

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good sofas (MI CASA)

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good dining sets ( MI CASA)

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\FURNITURE SCANS

[2010/10/09 16:55:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/10/09 16:55:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/10/09 16:54:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/10/09 16:54:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/10/09 16:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/10/09 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/10/09 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/10/09 16:46:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Malwarebytes

[2010/10/09 16:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/10/09 16:45:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/10/09 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/09 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/09 16:36:15 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Documents\Downloads

[2010/10/09 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CyberLink

[2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\covers

[2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel User Files

[2010/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Classic Presentation

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CCCLeaner Registry Back Up

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\c4d

[2010/10/09 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\AutoPlay Media Studio 8

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Anvsoft

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\After Effects Composition

[2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate

[2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Windows\Samsung

[2010/10/09 16:27:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll

[2010/10/09 16:27:20 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll

[2010/10/09 16:27:20 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll

[2010/10/09 16:27:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll

[2010/10/09 16:27:20 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2r.dll

[2010/10/09 16:27:19 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2.dll

[2010/10/09 16:27:19 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2a.dll

[2010/10/09 16:26:54 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.exe

[2010/10/09 16:26:54 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.dll

[2010/10/09 16:25:57 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS

[2010/10/09 16:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2010/10/09 16:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Diagnostics

[2010/10/09 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe CS4 Master Collection

[2010/10/09 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe

[2010/10/09 16:21:25 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\rcsetup138.exe

[2010/10/09 16:21:25 | 001,759,261 | ---- | C] (Simon Tatham ) -- C:\Users\Arron\Documents\putty-0.60-installer.exe

[2010/10/09 16:21:25 | 001,244,536 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\spsetup103.exe

[2010/10/09 16:21:21 | 010,344,252 | ---- | C] (Kalendra, Ltd. ) -- C:\Users\Arron\Documents\KalendraSetup.exe

[2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WEBSITE AC 3.0

[2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WAREHOUSE FLOORPLAN

[2010/10/09 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIVIONA LOVE SEAT

[2010/10/09 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VILLA PRESENTATION

[2010/10/09 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIDEOS

[2010/10/09 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Tapestries

[2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\stands

[2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SREEJA

[2010/10/09 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SAJEEV

[2010/10/09 16:18:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ROMA

[2010/10/09 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Quotation

[2010/10/09 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PSD

[2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PRESENTATIONS

[2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PICTURES FROM E-MAIL

[2010/10/09 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\pdf-quotation-mr.dory

[2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PDF

[2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Pablo

[2010/10/09 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\now

[2010/10/09 16:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\new pix

[2010/10/09 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\New Items

[2010/10/09 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\NEW BEDS

[2010/10/09 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Nastassia Side Table

[2010/10/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms nagham

[2010/10/09 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms gulnora

[2010/10/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MS BAHAR

[2010/10/09 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mr. Henry's Qoute

[2010/10/09 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR MAHMOUD

[2010/10/09 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr henry

[2010/10/09 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR EMAMI

[2010/10/09 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr dory

[2010/10/09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mp3

[2010/10/09 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\modern

[2010/10/09 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Map

[2010/10/09 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mantellasi

[2010/10/09 15:57:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Madam Emami

[2010/10/09 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Khalifa

[2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\JPGS

[2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IT Dept

[2010/10/09 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IMAGES

[2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\HAJRI FLOOR PLAN PDF

[2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\hajri

[2010/10/09 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\geremyYYYYYYYYYYYYYYYYY

[2010/10/09 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GAMELLINUS

[2010/10/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FURNITURE DAMAGES

[2010/10/09 15:53:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\from camera

[2010/10/09 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\For website used

[2010/10/09 15:52:50 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FILES

[2010/10/09 15:52:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\EXCEL

[2010/10/09 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ENCODED PSD

[2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\e-mail format intro

[2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\dining

[2010/10/09 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\DESKTOP FOLDERs

[2010/10/09 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CURTAINS

[2010/10/09 15:43:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\COFFEE TABLES

[2010/10/09 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Chandelier Pics

[2010/10/09 15:42:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\cd menu

[2010/10/09 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CATALOG

[2010/10/09 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBINO

[2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBI2

[2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\background'

[2010/10/09 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\asdasdasdasdasdasd

[2010/10/09 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Arron

[2010/10/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ALL GTH BEDS EDITED

[2010/10/09 15:37:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\AL MANA COMPARISON

[2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Al Mana

[2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Abdulllah

[2010/10/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\2

[2010/10/09 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\ChikkaDefault

[2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Yahoo!

[2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo

[2010/10/09 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2010/10/09 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/10/09 14:59:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/10/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Macromedia

[2010/10/09 13:50:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Adobe

[2010/10/09 13:50:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/10/09 11:26:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/10/09 11:08:12 | 000,000,000 | R--D | C] -- C:\Users\Arron\Searches

[2010/10/09 11:08:12 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/10/09 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Identities

[2010/10/09 11:08:02 | 000,000,000 | R--D | C] -- C:\Users\Arron\Contacts

[2010/10/09 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\VirtualStore

[2010/10/09 11:07:49 | 000,000,000 | --SD | C] -- C:\Users\Arron\AppData\Roaming\Microsoft

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Start Menu

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Pictures

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Music

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\My Documents

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Videos

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Saved Games

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Pictures

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Music

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Links

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Favorites

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Downloads

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\My Documents

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Desktop

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Temporary Internet Files

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Templates

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\SendTo

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Recent

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\PrintHood

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\NetHood

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Documents\My Videos

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Local Settings

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\History

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Cookies

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Application Data

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Application Data

[2010/10/09 11:07:49 | 000,000,000 | -H-D | C] -- C:\Users\Arron\AppData

[2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Temp

[2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft

[2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Media Center Programs

[2010/10/09 11:07:35 | 000,000,000 | -HSD | C] -- C:\Recovery

[2010/10/06 17:29:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/10/06 17:19:04 | 000,000,000 | ---D | C] -- C:\NVIDIA

[1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 22:30:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe

[2010/10/28 22:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

[2010/10/28 22:00:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lfpk.sys

[2010/10/28 21:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/28 21:50:55 | 2413,424,640 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/28 20:45:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2010/10/28 20:24:39 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/28 20:24:39 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/28 20:18:23 | 003,783,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2010/10/28 17:06:43 | 066,927,822 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/10/28 15:41:15 | 002,126,092 | ---- | M] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg

[2010/10/28 14:56:16 | 010,857,464 | ---- | M] () -- C:\Users\Arron\Desktop\gmaker80.exe

[2010/10/28 14:52:35 | 002,379,281 | ---- | M] () -- C:\Users\Arron\Desktop\ProjectPlatform.exe

[2010/10/28 12:31:10 | 001,336,859 | ---- | M] () -- C:\Users\Arron\Desktop\Floor Plan.cdr

[2010/10/28 04:22:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

[2010/10/26 12:22:53 | 000,000,901 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk

[2010/10/26 12:22:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk

[2010/10/25 20:42:56 | 006,638,686 | ---- | M] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3

[2010/10/25 12:26:55 | 000,165,186 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg

[2010/10/24 21:30:21 | 000,156,054 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg

[2010/10/24 21:30:13 | 000,192,354 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg

[2010/10/23 19:58:58 | 001,330,444 | ---- | M] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr

[2010/10/22 12:23:07 | 000,002,363 | ---- | M] () -- C:\Users\Arron\Desktop\Google Chrome.lnk

[2010/10/20 22:34:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/19 13:33:04 | 000,079,015 | ---- | M] () -- C:\Windows\FontData.fdb

[2010/10/14 14:57:41 | 000,540,855 | ---- | M] () -- C:\Users\Arron\nigol directory_new.cdr

[2010/10/14 14:21:39 | 000,507,383 | ---- | M] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr

[2010/10/13 13:20:19 | 000,000,441 | ---- | M] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk

[2010/10/13 13:03:02 | 000,001,107 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/10/10 12:21:45 | 000,000,963 | ---- | M] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/10/10 12:21:45 | 000,000,927 | ---- | M] () -- C:\Users\Arron\Desktop\MagicDisc.lnk

[2010/10/10 12:19:52 | 000,001,773 | ---- | M] () -- C:\Users\Arron\Desktop\MagicISO.lnk

[2010/10/10 12:15:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/10 11:49:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/10/10 11:39:43 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2010/10/10 11:39:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2010/10/09 22:47:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/10/09 22:47:54 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved

[2010/10/09 22:03:22 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf

[2010/10/09 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\AutoPlayDesign.INI

[2010/10/09 19:00:27 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk

[2010/10/09 17:27:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/10/09 17:20:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2010/10/09 17:19:31 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2010/10/09 17:18:20 | 000,000,969 | ---- | M] () -- C:\Users\Arron\Desktop\CCleaner.lnk

[2010/10/09 17:15:39 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2010/10/09 16:55:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/10/09 16:55:14 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/10/09 16:55:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/10/09 16:54:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/10/09 16:54:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/10/09 16:54:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/10/09 16:46:04 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/09 16:27:35 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2010/10/09 15:03:43 | 000,001,145 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/10/09 13:27:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/09 11:19:27 | 000,001,411 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/05 22:32:20 | 000,000,000 | ---- | M] () -- C:\Users\Arron\Documents\VII marketing..doc

[2010/10/05 22:04:36 | 000,650,147 | ---- | M] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg

[2010/10/05 21:12:26 | 000,427,520 | ---- | M] () -- C:\Users\Arron\Documents\VII.doc

[2010/10/05 15:40:23 | 000,160,256 | ---- | M] () -- C:\Users\Arron\Documents\rizal life and workss.doc

[2010/10/05 13:16:59 | 001,939,971 | ---- | M] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr

[2010/10/03 16:21:15 | 000,006,144 | ---- | M] () -- C:\Users\Arron\Documents\CD STICKER.zdp

[2010/10/03 15:37:19 | 000,000,000 | -H-- | M] () -- C:\Users\Arron\Documents\Default.rdp

[2010/10/02 18:16:04 | 411,890,837 | ---- | M] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe

[1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 22:00:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lfpk.sys

[2010/10/28 15:35:49 | 002,126,092 | ---- | C] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg

[2010/10/28 14:56:16 | 010,857,464 | ---- | C] () -- C:\Users\Arron\Desktop\gmaker80.exe

[2010/10/28 14:51:32 | 002,379,281 | ---- | C] () -- C:\Users\Arron\Desktop\ProjectPlatform.exe

[2010/10/26 12:22:53 | 000,000,901 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk

[2010/10/26 12:22:53 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk

[2010/10/25 20:42:56 | 006,638,686 | ---- | C] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3

[2010/10/25 12:26:55 | 000,165,186 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg

[2010/10/24 21:30:27 | 000,156,054 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg

[2010/10/24 21:30:13 | 000,192,354 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg

[2010/10/23 19:37:36 | 001,330,444 | ---- | C] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr

[2010/10/23 19:23:40 | 001,336,859 | ---- | C] () -- C:\Users\Arron\Desktop\Floor Plan.cdr

[2010/10/20 22:34:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/19 13:33:00 | 000,079,015 | ---- | C] () -- C:\Windows\FontData.fdb

[2010/10/14 14:57:40 | 000,507,383 | ---- | C] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr

[2010/10/14 14:21:36 | 000,540,855 | ---- | C] () -- C:\Users\Arron\nigol directory_new.cdr

[2010/10/13 13:20:19 | 000,000,441 | ---- | C] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk

[2010/10/13 13:03:02 | 000,001,107 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/10/10 12:21:45 | 000,000,963 | ---- | C] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/10/10 12:21:45 | 000,000,927 | ---- | C] () -- C:\Users\Arron\Desktop\MagicDisc.lnk

[2010/10/10 12:19:52 | 000,001,773 | ---- | C] () -- C:\Users\Arron\Desktop\MagicISO.lnk

[2010/10/10 12:15:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/10 11:49:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/10/09 22:47:56 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010/10/09 22:47:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010/10/09 22:47:54 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK

[2010/10/09 21:58:26 | 2413,424,640 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/09 19:13:50 | 000,002,363 | ---- | C] () -- C:\Users\Arron\Desktop\Google Chrome.lnk

[2010/10/09 19:11:23 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

[2010/10/09 19:11:22 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

[2010/10/09 19:00:28 | 000,000,000 | ---- | C] () -- C:\Windows\AutoPlayDesign.INI

[2010/10/09 19:00:27 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk

[2010/10/09 18:30:59 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job

[2010/10/09 18:28:40 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job

[2010/10/09 17:27:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/10/09 17:20:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2010/10/09 17:19:31 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2010/10/09 17:15:39 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2010/10/09 16:55:14 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/10/09 16:54:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/10/09 16:54:50 | 066,927,822 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/10/09 16:46:04 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/09 16:27:35 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2010/10/09 16:27:33 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2010/10/09 16:27:09 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico

[2010/10/09 16:27:04 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico

[2010/10/09 16:27:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll

[2010/10/09 16:27:00 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst1cl3.smt

[2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$BANATA 14 SI RIZAL SA LONDO111.docx

[2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$apter 14 Rizal in London333.docx

[2010/10/09 16:21:42 | 183,100,582 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_460_[400p][1853AD4C].avi

[2010/10/09 16:21:35 | 183,483,930 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_459_[400p][b14FBE73].avi

[2010/10/09 16:21:26 | 182,789,340 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_458_[400p][E62EFBB9].avi

[2010/10/09 16:21:26 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00002.tif

[2010/10/09 16:21:26 | 019,495,102 | ---- | C] () -- C:\Users\Arron\Documents\vlc-1.1.0-win32.exe

[2010/10/09 16:21:26 | 003,127,521 | ---- | C] () -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz

[2010/10/09 16:21:26 | 000,835,180 | ---- | C] () -- C:\Users\Arron\Documents\volleyball_logo.cdr

[2010/10/09 16:21:26 | 000,427,520 | ---- | C] () -- C:\Users\Arron\Documents\VII.doc

[2010/10/09 16:21:26 | 000,203,597 | ---- | C] () -- C:\Users\Arron\Documents\volleyball.cdr

[2010/10/09 16:21:26 | 000,184,803 | ---- | C] () -- C:\Users\Arron\Documents\WH plans_rev 02 Model (2).pdf

[2010/10/09 16:21:26 | 000,086,914 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-1.jpg

[2010/10/09 16:21:26 | 000,048,865 | ---- | C] () -- C:\Users\Arron\Documents\wnaspi32.zip

[2010/10/09 16:21:26 | 000,032,722 | ---- | C] () -- C:\Users\Arron\Documents\WILSON LUCE DIAZ.docx

[2010/10/09 16:21:26 | 000,032,686 | ---- | C] () -- C:\Users\Arron\Documents\zlib1.zip

[2010/10/09 16:21:26 | 000,007,762 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-2.html

[2010/10/09 16:21:26 | 000,004,465 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-5.html

[2010/10/09 16:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\VII marketing..doc

[2010/10/09 16:21:25 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00001.tif

[2010/10/09 16:21:25 | 006,222,567 | ---- | C] () -- C:\Users\Arron\Documents\ramadan.rar

[2010/10/09 16:21:25 | 001,189,716 | ---- | C] () -- C:\Users\Arron\Documents\logo2.psd

[2010/10/09 16:21:25 | 000,160,256 | ---- | C] () -- C:\Users\Arron\Documents\rizal life and workss.doc

[2010/10/09 16:21:25 | 000,131,584 | ---- | C] () -- C:\Users\Arron\Documents\Nestor%20A[1].doc

[2010/10/09 16:21:25 | 000,109,950 | ---- | C] () -- C:\Users\Arron\Documents\SHOE COMPANY.docx

[2010/10/09 16:21:25 | 000,087,231 | ---- | C] () -- C:\Users\Arron\Documents\logo.psd

[2010/10/09 16:21:25 | 000,064,007 | ---- | C] () -- C:\Users\Arron\Documents\Nastassia.JPG

[2010/10/09 16:21:25 | 000,047,104 | ---- | C] () -- C:\Users\Arron\Documents\LPO_FORM.xls

[2010/10/09 16:21:25 | 000,040,607 | ---- | C] () -- C:\Users\Arron\Documents\scan0001.jpg

[2010/10/09 16:21:25 | 000,022,932 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets.docx

[2010/10/09 16:21:25 | 000,022,500 | ---- | C] () -- C:\Users\Arron\Documents\logo.jpg

[2010/10/09 16:21:25 | 000,017,900 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets with explanation.docx

[2010/10/09 16:21:25 | 000,015,360 | ---- | C] () -- C:\Users\Arron\Documents\NewProject.isc

[2010/10/09 16:21:25 | 000,011,763 | ---- | C] () -- C:\Users\Arron\Documents\Quotation Lists.xlsx

[2010/10/09 16:21:25 | 000,009,186 | ---- | C] () -- C:\Users\Arron\Documents\Nigol.html

[2010/10/09 16:21:25 | 000,004,443 | ---- | C] () -- C:\Users\Arron\Documents\Ramadan.html

[2010/10/09 16:21:22 | 037,552,417 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask.7z

[2010/10/09 16:21:21 | 033,554,432 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask (E) (M4) (V1.0) [!].z64

[2010/10/09 16:21:21 | 002,829,952 | ---- | C] () -- C:\Users\Arron\Documents\Joomla_1.0.15-Stable-Full_Package.zip

[2010/10/09 16:21:21 | 000,100,933 | ---- | C] () -- C:\Users\Arron\Documents\ICD1.0.6.zip

[2010/10/09 16:21:21 | 000,054,798 | ---- | C] () -- C:\Users\Arron\Documents\JOY.cdr

[2010/10/09 16:21:21 | 000,016,226 | ---- | C] () -- C:\Users\Arron\Documents\KABANATA 14 SI RIZAL SA LONDO111.docx

[2010/10/09 16:21:20 | 005,475,864 | ---- | C] () -- C:\Users\Arron\Documents\HSS-1.45-install-webroot-239-conduit2.exe

[2010/10/09 16:21:03 | 411,890,837 | ---- | C] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe

[2010/10/09 16:21:02 | 003,606,977 | ---- | C] () -- C:\Users\Arron\Documents\good sofas (MI CASA).zip

[2010/10/09 16:21:02 | 000,029,786 | ---- | C] () -- C:\Users\Arron\Documents\GOVERNMENT OFFICES.docx

[2010/10/09 16:21:02 | 000,029,520 | ---- | C] () -- C:\Users\Arron\Documents\Graphic2.cdr

[2010/10/09 16:21:02 | 000,018,387 | ---- | C] () -- C:\Users\Arron\Documents\Graphic1.cdr

[2010/10/09 16:21:02 | 000,000,615 | ---- | C] () -- C:\Users\Arron\Documents\heart1.gif

[2010/10/09 16:21:01 | 000,650,147 | ---- | C] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg

[2010/10/09 16:21:01 | 000,461,639 | ---- | C] () -- C:\Users\Arron\Documents\good dining sets ( MI CASA).zip

[2010/10/09 16:21:01 | 000,319,488 | ---- | C] () -- C:\Users\Arron\Documents\FUF.accdb

[2010/10/09 16:21:01 | 000,024,576 | ---- | C] () -- C:\Users\Arron\Documents\Curtain Dimensions.xls

[2010/10/09 16:21:01 | 000,008,029 | ---- | C] () -- C:\Users\Arron\Documents\FadeToTranslucent.zip

[2010/10/09 16:21:01 | 000,005,927 | ---- | C] () -- C:\Users\Arron\Documents\ExplodeEffect.zip

[2010/10/09 16:21:01 | 000,002,716 | ---- | C] () -- C:\Users\Arron\Documents\configuration.php

[2010/10/09 16:20:40 | 485,337,223 | ---- | C] () -- C:\Users\Arron\Documents\CLASSIC_01_p38-48.pdf

[2010/10/09 16:20:40 | 000,019,112 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London.docx

[2010/10/09 16:20:40 | 000,017,038 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London333.docx

[2010/10/09 16:20:40 | 000,006,144 | ---- | C] () -- C:\Users\Arron\Documents\CD STICKER.zdp

[2010/10/09 16:20:38 | 033,080,095 | ---- | C] () -- C:\Users\Arron\Documents\CATALOG P11-22.pdf

[2010/10/09 16:20:38 | 000,804,746 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball_logo.cdr

[2010/10/09 16:20:38 | 000,343,006 | ---- | C] () -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010.rar

[2010/10/09 16:20:38 | 000,210,071 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball.cdr

[2010/10/09 16:20:38 | 000,071,311 | ---- | C] () -- C:\Users\Arron\Documents\camfrog.zip

[2010/10/09 16:20:38 | 000,052,121 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_JOY.cdr

[2010/10/09 16:20:38 | 000,027,040 | ---- | C] () -- C:\Users\Arron\Documents\CALL CENTER.docx

[2010/10/09 16:20:23 | 537,524,196 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_CLASSIC_01_p1-10.pdf

[2010/10/09 16:20:23 | 003,598,486 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).psd

[2010/10/09 16:20:23 | 000,188,928 | ---- | C] () -- C:\Users\Arron\Documents\arron javal cv.doc

[2010/10/09 16:20:23 | 000,155,350 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).JPG

[2010/10/09 16:20:23 | 000,132,352 | ---- | C] () -- C:\Users\Arron\Documents\123.jpg

[2010/10/09 16:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\2.docx

[2010/10/09 15:30:40 | 001,939,971 | ---- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr

[2010/10/09 15:30:40 | 000,997,851 | R--- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT_FINAL_macro enabled.xlsm

[2010/10/09 15:30:40 | 000,000,654 | ---- | C] () -- C:\Users\Arron\Desktop\Speccy.lnk

[2010/10/09 15:30:39 | 001,716,879 | ---- | C] () -- C:\Users\Arron\Desktop\NIGOL CLASSIC LOGO.png

[2010/10/09 15:30:39 | 000,361,829 | ---- | C] () -- C:\Users\Arron\Desktop\CUSTOMER PROTECTION POLICY.pdf

[2010/10/09 15:30:39 | 000,001,663 | ---- | C] () -- C:\Users\Arron\Desktop\FileZilla Client.lnk

[2010/10/09 15:30:39 | 000,000,969 | ---- | C] () -- C:\Users\Arron\Desktop\CCleaner.lnk

[2010/10/09 15:30:32 | 000,001,390 | ---- | C] () -- C:\Users\Arron\MODERN FURNITURE.SED

[2010/10/09 15:03:43 | 000,001,145 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/10/09 13:27:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/09 12:38:37 | 000,000,000 | -H-- | C] () -- C:\Users\Arron\Documents\Default.rdp

[2010/10/09 11:19:27 | 000,001,411 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/09 11:07:49 | 000,000,290 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2010/10/09 11:07:49 | 000,000,272 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/10/04 03:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll

[2008/09/28 21:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll

[2008/08/28 15:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll

[2008/08/28 15:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll

[2008/08/28 15:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll

[2006/11/06 23:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2010/10/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/13 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\FileZilla

[2010/10/09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\IndigoRose

[2010/10/20 22:34:37 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\TeamViewer

[2010/10/28 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\uTorrent

[2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2010/10/28 18:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2009/07/14 08:53:46 | 000,003,896 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras

OTL Extras logfile created on: 10/28/2010 10:35:07 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 195.41 Gb Total Space | 51.74 Gb Free Space | 26.48% Space Free | Partition Type: NTFS

Drive D: | 368.05 Gb Total Space | 153.93 Gb Free Space | 41.82% Space Free | Partition Type: NTFS

Drive E: | 368.05 Gb Total Space | 285.29 Gb Free Space | 77.51% Space Free | Partition Type: NTFS

Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\Arron\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"\" = C:\Windows\system\dwm.exe:*:Enabled:KL -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5

"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM

"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AutoPlay Media Studio 8 Trial" = AutoPlay Media Studio 8 Trial

"AVG9Uninstall" = AVG Free 9.0

"Blaze Media Pro" = Blaze Media Pro

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.3.4.1

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Picasa 3" = Picasa 3

"Recuva" = Recuva

"Samsung CLX-3170 Series" = Samsung CLX-3170 Series

"Speccy" = Speccy

"TeamViewer 5" = TeamViewer 5

"uTorrent" =


As for the Rootkit Unhooker, can you please give me a mirror or something? The link you provided me is blocked in our country for some reason. Mediafire will be fine if it's OK with you, sir. Thanks for the help.


Hi, sorry if my response is this late. I have downloaded the Rootkit Unhooker, but whenever I try to run it, it gives me an error:

Error loading driver, NTSTATS code: 0xcC0000001

Thanks


Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


GMER LOG

GMER 1.0.15.15477 - http://www.gmer.net

Rootkit scan 2010-10-30 17:19:13

Windows 6.1.7600

Running: gwb988hv.exe; Driver: C:\Users\Arron\AppData\Local\Temp\aglcrpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + F1E 828860EA 4 Bytes CALL 85D12273

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82886579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!PsGetProcessWin32WindowStation + 152 82902DCC 8 Bytes PUSH 85D1226E; RET

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!UnhookWindowsHookEx 771BCC7B 5 Bytes JMP 6E037E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!CallNextHookEx 771BCC8F 5 Bytes JMP 6E0194EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!CreateWindowExW 771C0E51 5 Bytes JMP 6E027AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!SetWindowsHookExW 771C210A 5 Bytes JMP 6DFD4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 771E4AA7 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamW 771E4AA7 5 Bytes JMP 6E1758AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamW 771E564A 5 Bytes JMP 6DF4490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxParamA 771FCF6A 5 Bytes JMP 6E175848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!DialogBoxIndirectParamA 771FD29C 5 Bytes JMP 6E17590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectA 7720E8C9 5 Bytes JMP 6E1757DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxIndirectW 7720E9C3 5 Bytes JMP 6E175772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExA 7720EA29 5 Bytes JMP 6E175710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] USER32.dll!MessageBoxExW 7720EA4D 5 Bytes JMP 6E1756AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2072] ole32.dll!OleLoadFromStream 76B85B88 5 Bytes JMP 6E175B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:200] 85D10786

Thread System [4:204] 85D108C4

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\izmzpvcxvlsgmj.sys (*** hidden *** ) [bOOT] jzipc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@ImagePath system32\drivers\izmzpvcxvlsgmj.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@DisplayName jzipc

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Group Boot Bus Extender

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@_MAIN 0x64 0x62 0x02 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@RulesData 0x03 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@krnl_sleepfreq 0x10 0x0E 0x00 0x00

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@krnl_servers_list 0x68 0x74 0x74 0x70 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\jzipc@DeleteFlag 1

Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C6D7EC90-D3CE-11DF-9F33-806E6F6E6963} 1891021088

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\izmzpvcxvlsgmj.sys 44160 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Ok I can see the problem.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

======================

Open GMER again and it will do a quick scan. When the red item comes up, right-click on it and choose Disable.

Then immediately reboot the system.

Then do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Here is the ComboFixLog

ComboFix 10-10-29.03 - Arron 10/30/2010 18:12:07.1.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3069.2177 [GMT 4:00]

Running from: c:\users\Arron\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Arron\AppData\Roaming\Microsoft\AdjMmsVista.dll

c:\windows\system32\Memman.vxd

c:\windows\system32\skinboxer43.dll

.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))

.

2010-10-30 14:16 . 2010-10-30 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-30 14:07 . 2010-10-30 14:09 -------- d-----w- C:\32788R22FWJFW

2010-10-30 12:56 . 2010-10-30 12:56 294912 ----a-w- C:\gwb988hv.exe

2010-10-30 11:58 . 2010-10-30 12:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-10-30 11:57 . 2010-10-30 11:58 -------- d-----w- c:\programdata\Hitman Pro

2010-10-30 08:59 . 2010-10-22 11:39 22856 ----a-w- c:\windows\system32\dopdfmn7.dll

2010-10-30 08:59 . 2010-10-22 11:39 19784 ----a-w- c:\windows\system32\dopdfmi7.dll

2010-10-30 08:59 . 2010-10-30 08:59 -------- d-----w- c:\program files\Softland

2010-10-30 07:11 . 2010-10-30 12:27 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys

2010-10-28 16:55 . 2010-10-28 16:55 -------- d-----w- c:\program files\Windows Live Safety Center

2010-10-28 16:45 . 2010-10-28 16:45 -------- d-----w- C:\_OTM

2010-10-26 09:56 . 2010-10-30 14:05 44160 ----a-w- c:\windows\system32\drivers\izmzpvcxvlsgmj.sys

2010-10-26 08:22 . 2010-10-26 08:24 -------- d-----w- c:\program files\Blaze Media Pro

2010-10-26 08:22 . 2010-10-26 08:23 -------- dc-h--w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6}

2010-10-20 18:34 . 2010-10-20 18:34 -------- d-----w- c:\program files\TeamViewer

2010-10-13 08:11 . 2010-10-13 08:11 -------- d-----w- C:\$AVG

2010-10-10 18:32 . 2010-10-10 18:32 -------- d-----w- c:\program files\Common Files\Corel

2010-10-10 14:58 . 2010-10-19 01:32 -------- d-----w- c:\programdata\Protexis

2010-10-10 08:24 . 2010-10-30 12:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2010-10-10 08:21 . 2009-02-24 14:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-10 08:21 . 2010-10-10 08:21 -------- d-----w- c:\program files\MagicDisc

2010-10-10 08:19 . 2010-10-10 08:19 -------- d-----w- c:\program files\MagicISO

2010-10-10 08:11 . 2009-11-25 08:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-10-10 08:11 . 2009-11-25 08:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-10-10 08:11 . 2009-11-25 08:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-10-10 08:11 . 2009-11-25 08:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-10-10 08:11 . 2009-11-25 08:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-10-10 07:39 . 2010-10-10 07:39 -------- d-----w- c:\windows\system32\Wat

2010-10-09 18:48 . 2010-10-09 07:07 -------- d-----w- c:\windows\Panther

2010-10-09 18:47 . 2010-10-09 18:47 -------- d-----w- C:\Boot

2010-10-09 18:32 . 2010-10-09 07:16 -------- d-----w- C:\Windows.old

2010-10-09 17:42 . 2010-10-09 17:42 -------- d-----w- c:\program files\Adobe Media Player

2010-10-09 17:40 . 2010-10-21 09:42 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-10-09 17:38 . 2010-10-10 08:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-10-09 17:25 . 2010-10-09 17:25 -------- d-----w- c:\program files\Ask.com

2010-10-09 17:24 . 2010-10-09 17:27 -------- d-----w- c:\program files\uTorrent

2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\programdata\IndigoRose

2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\program files\AutoPlay Media Studio 8 Trial

2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft SDKs

2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2010-10-09 14:37 . 2010-10-09 14:37 -------- d-----w- c:\program files\Common Files\Protexis

2010-10-09 14:37 . 2010-10-10 14:58 -------- d-----w- c:\programdata\Corel

2010-10-09 14:33 . 2010-10-09 14:33 -------- d-----w- c:\program files\Corel

2010-10-09 13:55 . 2006-10-26 15:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-10-09 13:55 . 2006-10-26 15:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2010-10-09 13:53 . 2010-10-09 13:53 -------- d-----w- c:\program files\Microsoft Works

2010-10-09 13:50 . 2010-10-30 14:06 -------- d-----w- c:\windows\PCHEALTH

2010-10-09 13:50 . 2010-10-10 08:11 -------- d-----w- c:\program files\Microsoft.NET

2010-10-09 13:48 . 2010-10-09 13:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-10-09 13:47 . 2010-10-09 14:41 -------- d-----w- c:\programdata\Microsoft Help

2010-10-09 13:27 . 2010-10-09 13:27 -------- d-----w- c:\program files\FileZilla FTP Client

2010-10-09 13:20 . 2010-10-09 13:20 -------- d-----w- c:\program files\Speccy

2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Recuva

2010-10-09 13:18 . 2010-10-09 13:18 -------- d-----w- c:\program files\CCleaner

2010-10-09 13:15 . 2010-10-09 13:15 -------- d-----w- c:\program files\Google

2010-10-09 12:55 . 2010-10-09 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-10-09 12:55 . 2010-10-09 12:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-10-09 12:54 . 2010-10-09 12:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-10-09 12:54 . 2010-10-09 12:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-10-09 12:54 . 2010-10-30 14:11 -------- d-----w- c:\windows\system32\drivers\Avg

2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\program files\AVG

2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\programdata\avg9

2010-10-09 12:46 . 2010-04-29 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-09 12:45 . 2010-10-09 12:45 -------- d-----w- c:\programdata\Malwarebytes

2010-10-09 12:45 . 2010-04-29 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-09 12:45 . 2010-10-09 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-09 12:27 . 2010-10-09 12:27 -------- d-----w- c:\windows\Samsung

2010-10-09 12:27 . 2009-09-21 22:30 482408 ----a-w- c:\windows\ssndii.exe

2010-10-09 12:27 . 2007-08-14 15:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll

2010-10-09 12:27 . 2009-12-09 11:48 82432 ----a-w- c:\windows\system32\msxml4r.dll

2010-10-09 12:27 . 2009-12-09 11:48 81920 ----a-w- c:\windows\system32\ssdevm.dll

2010-10-09 12:27 . 2009-12-09 11:48 49152 ----a-w- c:\windows\system32\ssusbpn.dll

2010-10-09 12:27 . 2009-12-09 11:48 44544 ----a-w- c:\windows\system32\msxml4a.dll

2010-10-09 12:27 . 2009-12-09 11:48 38160 ----a-w- c:\windows\system32\msxml2r.dll

2010-10-09 12:27 . 2009-12-09 11:48 1233920 ----a-w- c:\windows\system32\msxml4.dll

2010-10-09 12:27 . 2009-12-09 11:48 701440 ----a-w- c:\windows\system32\msxml2.dll

2010-10-09 12:27 . 2009-12-09 11:48 21776 ----a-w- c:\windows\system32\msxml2a.dll

2010-10-09 12:27 . 2007-08-14 15:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll

2010-10-09 12:26 . 2007-08-14 14:59 151552 ----a-w- c:\windows\system32\sst1cci.exe

2010-10-09 12:26 . 2007-08-14 14:59 65536 ----a-w- c:\windows\system32\sst1cci.dll

2010-10-09 12:25 . 2007-08-13 16:51 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS

2010-10-09 12:25 . 2010-10-09 12:25 -------- d-----w- c:\program files\Samsung

2010-10-09 11:03 . 2010-10-09 11:03 -------- d-----w- c:\programdata\Yahoo!

2010-10-09 11:02 . 2010-10-09 11:03 -------- d-----w- c:\program files\Yahoo!

2010-10-09 10:59 . 2010-10-30 07:09 -------- d-sh--w- c:\windows\Installer

2010-10-09 09:50 . 2010-10-09 09:50 -------- d-----w- c:\windows\system32\Macromed

2010-10-09 07:26 . 2010-09-16 06:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F4C754-951C-4CC6-85AD-935A9F4C2BEB}\mpengine.dll

2010-10-09 07:26 . 2010-05-21 10:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-10-09 07:11 . 2010-10-30 08:38 -------- d-----w- c:\windows\system32\wbem\Performance

2010-10-09 07:07 . 2010-10-30 12:53 -------- d-----w- c:\users\Arron

2010-10-09 07:07 . 2010-10-09 07:07 -------- d-----w- C:\Recovery

2010-10-06 13:19 . 2010-10-06 13:19 -------- d-----w- C:\NVIDIA

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-10 07:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-10-10 07:39 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll

2010-10-10 07:39 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll

2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr

.

------- Sigcheck -------

[-] 2010-10-10 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-06-10 13:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

"Google Update"="c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176]

"uTorrent"="c:\users\Arron\Downloads\utorrent.exe" [2010-10-09 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-09 2067808]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-10 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Normandy;Normandy SR2; [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1343400]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-10-09 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-10-09 243024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-10-09 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-10-09 308136]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]

.

Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

- c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

- c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-10-30 18:18:25

ComboFix-quarantined-files.txt 2010-10-30 14:18

Pre-Run: 59,058,110,464 bytes free

Post-Run: 58,907,123,712 bytes free

- - End Of File - - CE9EA694E28619A7357C0C25DAB1F386


1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=66186

Collect::
C:\Windows\system32\drivers\izmzpvcxvlsgmj.sys

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll|c:\windows\System32\user32.dll


Driver::
jzipc
Normandy

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


Here is the ComboFix Log

ComboFix 10-10-29.03 - Arron 10/30/2010 19:27:23.2.4 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3069.1437 [GMT 4:00]

Running from: c:\users\Arron\Desktop\ComboFix.exe

Command switches used :: c:\users\Arron\Desktop\CFScript.txt

file zipped: c:\windows\system32\drivers\izmzpvcxvlsgmj.sys

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\izmzpvcxvlsgmj.sys

.

--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Normandy

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))

.

2010-10-30 15:32 . 2010-10-30 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-30 12:56 . 2010-10-30 12:56 294912 ----a-w- C:\gwb988hv.exe

2010-10-30 11:58 . 2010-10-30 12:00 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-10-30 11:57 . 2010-10-30 11:58 -------- d-----w- c:\programdata\Hitman Pro

2010-10-30 08:59 . 2010-10-22 11:39 22856 ----a-w- c:\windows\system32\dopdfmn7.dll

2010-10-30 08:59 . 2010-10-22 11:39 19784 ----a-w- c:\windows\system32\dopdfmi7.dll

2010-10-30 08:59 . 2010-10-30 08:59 -------- d-----w- c:\program files\Softland

2010-10-30 07:11 . 2010-10-30 12:27 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys

2010-10-28 16:55 . 2010-10-28 16:55 -------- d-----w- c:\program files\Windows Live Safety Center

2010-10-28 16:45 . 2010-10-28 16:45 -------- d-----w- C:\_OTM

2010-10-26 08:22 . 2010-10-26 08:24 -------- d-----w- c:\program files\Blaze Media Pro

2010-10-26 08:22 . 2010-10-26 08:23 -------- dc-h--w- c:\programdata\{784E3329-1B2A-421E-9427-596088B766F6}

2010-10-20 18:34 . 2010-10-20 18:34 -------- d-----w- c:\program files\TeamViewer

2010-10-13 08:11 . 2010-10-13 08:11 -------- d-----w- C:\$AVG

2010-10-10 18:32 . 2010-10-10 18:32 -------- d-----w- c:\program files\Common Files\Corel

2010-10-10 14:58 . 2010-10-19 01:32 -------- d-----w- c:\programdata\Protexis

2010-10-10 08:24 . 2010-10-30 12:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2010-10-10 08:21 . 2009-02-24 14:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-10-10 08:21 . 2010-10-10 08:21 -------- d-----w- c:\program files\MagicDisc

2010-10-10 08:19 . 2010-10-10 08:19 -------- d-----w- c:\program files\MagicISO

2010-10-10 08:11 . 2009-11-25 08:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-10-10 08:11 . 2009-11-25 08:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-10-10 08:11 . 2009-11-25 08:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-10-10 08:11 . 2009-11-25 08:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-10-10 08:11 . 2009-11-25 08:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-10-10 07:39 . 2010-10-10 07:39 -------- d-----w- c:\windows\system32\Wat

2010-10-09 18:48 . 2010-10-09 07:07 -------- d-----w- c:\windows\Panther

2010-10-09 18:47 . 2010-10-30 15:33 -------- d-----w- C:\Boot

2010-10-09 18:32 . 2010-10-09 07:16 -------- d-----w- C:\Windows.old

2010-10-09 17:42 . 2010-10-09 17:42 -------- d-----w- c:\program files\Adobe Media Player

2010-10-09 17:40 . 2010-10-21 09:42 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-10-09 17:38 . 2010-10-10 08:15 -------- d-----w- c:\program files\Common Files\Adobe

2010-10-09 17:25 . 2010-10-09 17:25 -------- d-----w- c:\program files\Ask.com

2010-10-09 17:24 . 2010-10-09 17:27 -------- d-----w- c:\program files\uTorrent

2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\programdata\IndigoRose

2010-10-09 15:00 . 2010-10-09 15:00 -------- d-----w- c:\program files\AutoPlay Media Studio 8 Trial

2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft SDKs

2010-10-09 14:38 . 2010-10-09 14:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2010-10-09 14:37 . 2010-10-09 14:37 -------- d-----w- c:\program files\Common Files\Protexis

2010-10-09 14:37 . 2010-10-10 14:58 -------- d-----w- c:\programdata\Corel

2010-10-09 14:33 . 2010-10-09 14:33 -------- d-----w- c:\program files\Corel

2010-10-09 13:55 . 2006-10-26 15:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-10-09 13:55 . 2006-10-26 15:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2010-10-09 13:53 . 2010-10-09 13:53 -------- d-----w- c:\program files\Microsoft Works

2010-10-09 13:50 . 2010-10-30 14:06 -------- d-----w- c:\windows\PCHEALTH

2010-10-09 13:50 . 2010-10-10 08:11 -------- d-----w- c:\program files\Microsoft.NET

2010-10-09 13:48 . 2010-10-09 13:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-10-09 13:47 . 2010-10-09 14:41 -------- d-----w- c:\programdata\Microsoft Help

2010-10-09 13:27 . 2010-10-09 13:27 -------- d-----w- c:\program files\FileZilla FTP Client

2010-10-09 13:20 . 2010-10-09 13:20 -------- d-----w- c:\program files\Speccy

2010-10-09 13:19 . 2010-10-09 13:19 -------- d-----w- c:\program files\Recuva

2010-10-09 13:18 . 2010-10-09 13:18 -------- d-----w- c:\program files\CCleaner

2010-10-09 13:15 . 2010-10-09 13:15 -------- d-----w- c:\program files\Google

2010-10-09 12:55 . 2010-10-09 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-10-09 12:55 . 2010-10-09 12:55 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-10-09 12:54 . 2010-10-09 12:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-10-09 12:54 . 2010-10-09 12:54 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-10-09 12:54 . 2010-10-30 14:11 -------- d-----w- c:\windows\system32\drivers\Avg

2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\program files\AVG

2010-10-09 12:54 . 2010-10-09 12:54 -------- d-----w- c:\programdata\avg9

2010-10-09 12:46 . 2010-04-29 11:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-09 12:45 . 2010-10-09 12:45 -------- d-----w- c:\programdata\Malwarebytes

2010-10-09 12:45 . 2010-04-29 11:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-09 12:45 . 2010-10-09 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-09 12:27 . 2010-10-09 12:27 -------- d-----w- c:\windows\Samsung

2010-10-09 12:27 . 2009-09-21 22:30 482408 ----a-w- c:\windows\ssndii.exe

2010-10-09 12:27 . 2007-08-14 15:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll

2010-10-09 12:27 . 2009-12-09 11:48 82432 ----a-w- c:\windows\system32\msxml4r.dll

2010-10-09 12:27 . 2009-12-09 11:48 81920 ----a-w- c:\windows\system32\ssdevm.dll

2010-10-09 12:27 . 2009-12-09 11:48 49152 ----a-w- c:\windows\system32\ssusbpn.dll

2010-10-09 12:27 . 2009-12-09 11:48 44544 ----a-w- c:\windows\system32\msxml4a.dll

2010-10-09 12:27 . 2009-12-09 11:48 38160 ----a-w- c:\windows\system32\msxml2r.dll

2010-10-09 12:27 . 2009-12-09 11:48 1233920 ----a-w- c:\windows\system32\msxml4.dll

2010-10-09 12:27 . 2009-12-09 11:48 701440 ----a-w- c:\windows\system32\msxml2.dll

2010-10-09 12:27 . 2009-12-09 11:48 21776 ----a-w- c:\windows\system32\msxml2a.dll

2010-10-09 12:27 . 2007-08-14 15:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll

2010-10-09 12:26 . 2007-08-14 14:59 151552 ----a-w- c:\windows\system32\sst1cci.exe

2010-10-09 12:26 . 2007-08-14 14:59 65536 ----a-w- c:\windows\system32\sst1cci.dll

2010-10-09 12:25 . 2007-08-13 16:51 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS

2010-10-09 12:25 . 2010-10-09 12:25 -------- d-----w- c:\program files\Samsung

2010-10-09 11:03 . 2010-10-09 11:03 -------- d-----w- c:\programdata\Yahoo!

2010-10-09 11:02 . 2010-10-09 11:03 -------- d-----w- c:\program files\Yahoo!

2010-10-09 10:59 . 2010-10-30 07:09 -------- d-sh--w- c:\windows\Installer

2010-10-09 09:50 . 2010-10-09 09:50 -------- d-----w- c:\windows\system32\Macromed

2010-10-09 07:26 . 2010-09-16 06:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0F4C754-951C-4CC6-85AD-935A9F4C2BEB}\mpengine.dll

2010-10-09 07:26 . 2010-05-21 10:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-10-09 07:11 . 2010-10-30 08:38 -------- d-----w- c:\windows\system32\wbem\Performance

2010-10-09 07:07 . 2010-10-30 15:09 -------- d-----w- c:\users\Arron

2010-10-09 07:07 . 2010-10-09 07:07 -------- d-----w- C:\Recovery

2010-10-06 13:19 . 2010-10-06 13:19 -------- d-----w- C:\NVIDIA

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-10 07:39 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-10-10 07:39 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll

2010-09-27 20:57 . 2010-09-27 20:57 2826240 ----a-w- c:\windows\system32\GPhotos.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-06-10 13:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]

"Google Update"="c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-09 136176]

"uTorrent"="c:\users\Arron\Downloads\utorrent.exe" [2010-10-09 328056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-09 2067808]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-10-10 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 09:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1343400]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-10-09 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-10-09 243024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-10-09 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-10-09 308136]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]

.

Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

- c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

- c:\users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-09 15:11]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\taskhost.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\xampp\mysql\bin\mysqld.exe

c:\program files\Blaze Media Pro\NMSAccess32.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\TeamViewer\Version5\TeamViewer.exe

c:\program files\AVG\AVG9\avgtray.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2010-10-30 19:37:29 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-30 15:37

ComboFix2.txt 2010-10-30 14:18

Pre-Run: 58,181,701,632 bytes free

Post-Run: 58,040,127,488 bytes free

- - End Of File - - DB7D0ABE12D08FF584862224A01E78BF

Upload was successful


Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


This is the Log for MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4998

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/30/2010 8:01:58 PM

mbam-log-2010-10-30 (20-01-58).txt

Scan type: Quick scan

Objects scanned: 142637

Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the ESET log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=4076906b82a4cc479abe379dca0025c0

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-30 07:17:42

# local_time=2010-10-30 11:17:42 (+0400, Arabian Standard Time)

# country="United States"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 1825983 1825983 0 0

# compatibility_mode=5893 16776574 100 94 1845626 40907434 0 0

# compatibility_mode=8192 67108863 100 0 203 203 0 0

# scanned=519376

# found=9

# cleaned=9

# scan_time=11419

C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP133\A0037036.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP151\A0045907.exe a variant of Win32/HotSpotShield application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{E1AC6516-11C4-4B92-AE4C-395ED3CF5C79}\RP186\A0054535.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Arron\Documents\HSS-1.45-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Arron\USB\autorun.inf Win32/PSW.OnLineGames.NNU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Arron\USB\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx a variant of Win32/Conficker.AA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\ARRON\INSTALLERS\HSS-1.37-install-webroot-225-conduit.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Windows.old\Documents and Settings\Arron Javal\My Documents\HSS-1.45-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application (deleted - quarantined) 00000000000000000000000000000000 C

E:\aRRON\misc\Full Metal Alchemist Brotherhood\CorelDRAW Corel DRAW X5 v15.0.486 - XPVISTA7\CorelDRAWGraphicsSuiteX5Installer_EN-Mohsen6558.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C


Great, how are things running now?

Please open OTL once more and click on Run scan at the top.

Post the OTL log that opens.

Let me know of any remaining issues.


Things are running great now thanks to your help, sir. As you requested, here is the OTL log:

OTL logfile created on: 10/31/2010 9:41:57 PM - Run 2

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Arron\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 12.00% Memory free

6.00 Gb Paging File | 1.00 Gb Available in Paging File | 10.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 195.41 Gb Total Space | 50.01 Gb Free Space | 25.59% Space Free | Partition Type: NTFS

Drive D: | 368.05 Gb Total Space | 153.92 Gb Free Space | 41.82% Space Free | Partition Type: NTFS

Drive E: | 368.05 Gb Total Space | 285.78 Gb Free Space | 77.65% Space Free | Partition Type: NTFS

Drive H: | 3.75 Gb Total Space | 1.12 Gb Free Space | 30.01% Space Free | Partition Type: FAT32

Drive Z: | 824.62 Gb Total Space | 509.07 Gb Free Space | 61.73% Space Free | Partition Type: NTFS

Computer Name: ARRON-PC | User Name: Arron | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.)

PRC - C:\Users\Arron\My Documents\BOIGB - Bot - 09.08.2010\BOIGB.exe (MQ2Emu.com)

PRC - C:\Perfect World Entertainment\Battle of the Immortals\Bin\Game.exe ()

PRC - c:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe (Corel Corporation)

PRC - C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems, Incorporated)

PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

PRC - C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - c:\xampp\mysql\bin\mysqld.exe ()

PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\xampp\xampp-control.exe ()

PRC - C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()

PRC - D:\ARRON\INSTALLERS\Desktops.exe (Sysinternals - www.sysinternals.com)

========== Modules (SafeList) ==========

MOD - C:\Users\Arron\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\TeamViewer\Version5\TV.dll (TeamViewer GmbH)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()

SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe ()

SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)

========== Driver Services (SafeList) ==========

DRV - (DgiVecp) -- C:\Windows\System32\Drivers\DgiVecp.sys File not found

DRV - (catchme) -- C:\Users\Arron\AppData\Local\Temp\catchme.sys File not found

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 3E 27 E0 48 78 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/10/30 19:34:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKCU..\Run: [Google Update] C:\Users\Arron\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Users\Arron\Downloads\utorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/10/31 17:50:58 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 21:38:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe

[2010/10/30 22:37:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\to be printed

[2010/10/30 20:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/10/30 19:34:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2010/10/30 19:25:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/10/30 18:18:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\temp

[2010/10/30 18:09:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/10/30 18:09:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/10/30 18:09:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/10/30 18:08:09 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/30 15:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro

[2010/10/30 15:26:40 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Users\Arron\Desktop\dotNetFx40_Full_x86_x64.exe

[2010/10/30 12:59:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Softland

[2010/10/30 12:59:49 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll

[2010/10/30 12:59:49 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll

[2010/10/30 12:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Softland

[2010/10/28 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/10/28 20:45:02 | 000,000,000 | ---D | C] -- C:\_OTM

[2010/10/28 20:43:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/10/26 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Blaze Media Pro

[2010/10/26 12:22:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}

[2010/10/26 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\PackageAware

[2010/10/21 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/20 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\TeamViewer

[2010/10/20 22:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2010/10/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GTH Documents

[2010/10/19 22:25:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\USB

[2010/10/19 17:01:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Web joyfze

[2010/10/19 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\ElevatedDiagnostics

[2010/10/13 13:25:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\FileZilla

[2010/10/13 12:11:18 | 000,000,000 | ---D | C] -- C:\$AVG

[2010/10/10 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel

[2010/10/10 18:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis

[2010/10/10 18:58:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Corel

[2010/10/10 12:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/10/10 12:21:08 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys

[2010/10/10 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/10/10 12:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO

[2010/10/10 12:19:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\WinRAR

[2010/10/10 12:11:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/10/10 12:11:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/10/10 12:11:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/10/10 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/10/10 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\AskToolbar

[2010/10/10 11:39:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/10/09 22:48:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/10/09 22:47:53 | 000,000,000 | ---D | C] -- C:\Boot

[2010/10/09 22:39:03 | 000,000,000 | ---D | C] -- C:\Windows.old.000

[2010/10/09 22:32:32 | 000,000,000 | ---D | C] -- C:\Windows.old

[2010/10/09 22:01:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/10/09 21:59:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/10/09 21:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player

[2010/10/09 21:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/10/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/10/09 21:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/10/09 21:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/10/09 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2010/10/09 21:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/10/09 21:24:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\uTorrent

[2010/10/09 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Adobe

[2010/10/09 19:38:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo!

[2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Deployment

[2010/10/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Apps

[2010/10/09 19:02:21 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\IndigoRose

[2010/10/09 19:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/10/09 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose

[2010/10/09 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\AutoPlay Media Studio 8 Trial

[2010/10/09 18:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs

[2010/10/09 18:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0

[2010/10/09 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis

[2010/10/09 18:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel

[2010/10/09 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Corel

[2010/10/09 17:55:36 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2010/10/09 17:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2010/10/09 17:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/10/09 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/10/09 17:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2010/10/09 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft Help

[2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/10/09 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/10/09 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

[2010/10/09 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy

[2010/10/09 17:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2010/10/09 17:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Google

[2010/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386

[2010/10/09 17:00:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Visual Studio 2008

[2010/10/09 17:00:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\OneNote Notebooks

[2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My Palettes

[2010/10/09 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\My eBooks

[2010/10/09 16:56:43 | 000,000,000 | --SD | C] -- C:\Users\Arron\Documents\My Data Sources

[2010/10/09 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Modern

[2010/10/09 16:56:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\magazine ads

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good sofas (MI CASA)

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\good dining sets ( MI CASA)

[2010/10/09 16:56:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\FURNITURE SCANS

[2010/10/09 16:55:14 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/10/09 16:55:08 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/10/09 16:54:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/10/09 16:54:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/10/09 16:54:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/10/09 16:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/10/09 16:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/10/09 16:46:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Malwarebytes

[2010/10/09 16:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/10/09 16:45:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/10/09 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/09 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/09 16:36:15 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Documents\Downloads

[2010/10/09 16:36:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CyberLink

[2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\covers

[2010/10/09 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel User Files

[2010/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Corel

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Classic Presentation

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\CCCLeaner Registry Back Up

[2010/10/09 16:36:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\c4d

[2010/10/09 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\AutoPlay Media Studio 8

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Anvsoft

[2010/10/09 16:35:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\After Effects Composition

[2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate

[2010/10/09 16:27:33 | 000,000,000 | ---D | C] -- C:\Windows\Samsung

[2010/10/09 16:27:20 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll

[2010/10/09 16:27:20 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll

[2010/10/09 16:27:20 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll

[2010/10/09 16:27:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll

[2010/10/09 16:27:20 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2r.dll

[2010/10/09 16:27:19 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2.dll

[2010/10/09 16:27:19 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2a.dll

[2010/10/09 16:26:54 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.exe

[2010/10/09 16:26:54 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.dll

[2010/10/09 16:25:57 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS

[2010/10/09 16:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2010/10/09 16:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Diagnostics

[2010/10/09 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe CS4 Master Collection

[2010/10/09 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\Documents\Adobe

[2010/10/09 16:21:25 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\rcsetup138.exe

[2010/10/09 16:21:25 | 001,759,261 | ---- | C] (Simon Tatham ) -- C:\Users\Arron\Documents\putty-0.60-installer.exe

[2010/10/09 16:21:25 | 001,244,536 | ---- | C] (Piriform Ltd) -- C:\Users\Arron\Documents\spsetup103.exe

[2010/10/09 16:21:21 | 010,344,252 | ---- | C] (Kalendra, Ltd. ) -- C:\Users\Arron\Documents\KalendraSetup.exe

[2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WEBSITE AC 3.0

[2010/10/09 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\WAREHOUSE FLOORPLAN

[2010/10/09 16:18:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIVIONA LOVE SEAT

[2010/10/09 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VILLA PRESENTATION

[2010/10/09 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\VIDEOS

[2010/10/09 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Tapestries

[2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\stands

[2010/10/09 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SREEJA

[2010/10/09 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\SAJEEV

[2010/10/09 16:18:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ROMA

[2010/10/09 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Quotation

[2010/10/09 16:17:36 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PSD

[2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PRESENTATIONS

[2010/10/09 16:17:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PICTURES FROM E-MAIL

[2010/10/09 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\pdf-quotation-mr.dory

[2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\PDF

[2010/10/09 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Pablo

[2010/10/09 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\now

[2010/10/09 16:15:48 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\new pix

[2010/10/09 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\New Items

[2010/10/09 16:15:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\NEW BEDS

[2010/10/09 16:15:37 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Nastassia Side Table

[2010/10/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms nagham

[2010/10/09 16:14:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ms gulnora

[2010/10/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MS BAHAR

[2010/10/09 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mr. Henry's Qoute

[2010/10/09 16:10:38 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR MAHMOUD

[2010/10/09 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr henry

[2010/10/09 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\MR EMAMI

[2010/10/09 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mr dory

[2010/10/09 16:02:14 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\mp3

[2010/10/09 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\modern

[2010/10/09 15:58:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Map

[2010/10/09 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Mantellasi

[2010/10/09 15:57:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Madam Emami

[2010/10/09 15:55:41 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Khalifa

[2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\JPGS

[2010/10/09 15:55:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IT Dept

[2010/10/09 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\IMAGES

[2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\HAJRI FLOOR PLAN PDF

[2010/10/09 15:54:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\hajri

[2010/10/09 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\geremyYYYYYYYYYYYYYYYYY

[2010/10/09 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\GAMELLINUS

[2010/10/09 15:54:19 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FURNITURE DAMAGES

[2010/10/09 15:53:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\from camera

[2010/10/09 15:53:29 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\For website used

[2010/10/09 15:52:50 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\FILES

[2010/10/09 15:52:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\EXCEL

[2010/10/09 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ENCODED PSD

[2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\e-mail format intro

[2010/10/09 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\dining

[2010/10/09 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\DESKTOP FOLDERs

[2010/10/09 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CURTAINS

[2010/10/09 15:43:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\COFFEE TABLES

[2010/10/09 15:42:55 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Chandelier Pics

[2010/10/09 15:42:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\cd menu

[2010/10/09 15:39:13 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\CATALOG

[2010/10/09 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBINO

[2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\BAMBI2

[2010/10/09 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\background'

[2010/10/09 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\asdasdasdasdasdasd

[2010/10/09 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Arron

[2010/10/09 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\ALL GTH BEDS EDITED

[2010/10/09 15:37:20 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\AL MANA COMPARISON

[2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Al Mana

[2010/10/09 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\Abdulllah

[2010/10/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Arron\Desktop\2

[2010/10/09 15:30:32 | 000,000,000 | ---D | C] -- C:\Users\Arron\ChikkaDefault

[2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Yahoo!

[2010/10/09 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Yahoo

[2010/10/09 15:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2010/10/09 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/10/09 14:59:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/10/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Macromedia

[2010/10/09 13:50:42 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Adobe

[2010/10/09 13:50:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/10/09 11:26:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/10/09 11:08:12 | 000,000,000 | R--D | C] -- C:\Users\Arron\Searches

[2010/10/09 11:08:12 | 000,000,000 | -H-D | C] -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/10/09 11:08:03 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Identities

[2010/10/09 11:08:02 | 000,000,000 | R--D | C] -- C:\Users\Arron\Contacts

[2010/10/09 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\VirtualStore

[2010/10/09 11:07:49 | 000,000,000 | --SD | C] -- C:\Users\Arron\AppData\Roaming\Microsoft

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Start Menu

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Pictures

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\Documents\My Music

[2010/10/09 11:07:49 | 000,000,000 | RHSD | C] -- C:\Users\Arron\My Documents

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Videos

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Saved Games

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Pictures

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Music

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Links

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Favorites

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Downloads

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\My Documents

[2010/10/09 11:07:49 | 000,000,000 | R--D | C] -- C:\Users\Arron\Desktop

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Temporary Internet Files

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Templates

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\SendTo

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Recent

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\PrintHood

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\NetHood

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Documents\My Videos

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Local Settings

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\History

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Cookies

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\Application Data

[2010/10/09 11:07:49 | 000,000,000 | -HSD | C] -- C:\Users\Arron\AppData\Local\Application Data

[2010/10/09 11:07:49 | 000,000,000 | -H-D | C] -- C:\Users\Arron\AppData

[2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Local\Microsoft

[2010/10/09 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Arron\AppData\Roaming\Media Center Programs

[2010/10/09 11:07:35 | 000,000,000 | ---D | C] -- C:\Recovery

[2010/10/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2010/10/06 17:19:04 | 000,000,000 | ---D | C] -- C:\NVIDIA

[1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 21:38:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Arron\Desktop\OTL.exe

[2010/10/31 21:22:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

[2010/10/31 21:20:05 | 000,032,059 | ---- | M] () -- C:\Users\Arron\Desktop\2_209056269l.jpg

[2010/10/31 19:13:39 | 002,924,376 | ---- | M] () -- C:\Users\Arron\Desktop\CLASSIC_01.pdf

[2010/10/31 18:01:53 | 067,040,961 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/10/31 16:49:32 | 000,062,449 | ---- | M] () -- C:\Users\Arron\CCF10292010_00001.jpg

[2010/10/31 12:49:39 | 000,061,600 | ---- | M] () -- C:\Users\Arron\Desktop\attachments_2010_10_31.zip

[2010/10/31 12:16:26 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/10/31 12:16:26 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/10/31 11:14:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/31 04:23:53 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

[2010/10/30 19:46:58 | 000,213,504 | ---- | M] () -- C:\Users\Arron\vina cv.doc

[2010/10/30 19:34:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/10/30 19:34:05 | 2413,424,640 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/30 18:37:38 | 000,163,311 | ---- | M] () -- C:\Users\Arron\arr (2).jpg

[2010/10/30 17:45:25 | 003,895,619 | R--- | M] () -- C:\Users\Arron\Desktop\ComboFix.exe

[2010/10/30 16:56:18 | 000,294,912 | ---- | M] () -- C:\gwb988hv.exe

[2010/10/30 16:50:28 | 000,160,424 | ---- | M] () -- C:\Users\Arron\arr.jpg

[2010/10/30 16:27:49 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys

[2010/10/30 16:00:49 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/10/30 15:58:56 | 000,000,372 | ---- | M] () -- C:\Windows\System32\.crusader

[2010/10/30 15:33:00 | 143,327,340 | ---- | M] () -- C:\Users\Arron\Desktop\Untitled-1.cdr

[2010/10/30 15:26:42 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Users\Arron\Desktop\dotNetFx40_Full_x86_x64.exe

[2010/10/30 15:18:36 | 009,476,474 | ---- | M] () -- C:\Users\Arron\Desktop\BEDS.pdf

[2010/10/30 15:17:04 | 000,040,302 | ---- | M] () -- C:\Users\Arron\Documents\cc_20101030_151700.reg

[2010/10/30 13:58:40 | 000,244,961 | ---- | M] () -- C:\Users\Arron\CCF10302010_00001.jpg

[2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/28 21:50:01 | 000,009,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/28 20:18:23 | 003,783,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/10/28 18:21:27 | 000,084,992 | ---- | M] () -- C:\Windows\MBR.exe

[2010/10/28 15:41:15 | 002,126,092 | ---- | M] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg

[2010/10/28 14:56:16 | 010,857,464 | ---- | M] () -- C:\Users\Arron\Desktop\gmaker80.exe

[2010/10/28 12:31:10 | 001,336,859 | ---- | M] () -- C:\Users\Arron\Desktop\Floor Plan.cdr

[2010/10/26 12:22:53 | 000,000,901 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk

[2010/10/26 12:22:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk

[2010/10/25 20:42:56 | 006,638,686 | ---- | M] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3

[2010/10/25 12:26:55 | 000,165,186 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg

[2010/10/24 21:30:21 | 000,156,054 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg

[2010/10/24 21:30:13 | 000,192,354 | ---- | M] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg

[2010/10/23 19:58:58 | 001,330,444 | ---- | M] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr

[2010/10/22 15:39:32 | 000,022,856 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmn7.dll

[2010/10/22 15:39:32 | 000,019,784 | ---- | M] (Softland) -- C:\Windows\System32\dopdfmi7.dll

[2010/10/22 12:23:07 | 000,002,363 | ---- | M] () -- C:\Users\Arron\Desktop\Google Chrome.lnk

[2010/10/20 22:34:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/19 13:33:04 | 000,079,015 | ---- | M] () -- C:\Windows\FontData.fdb

[2010/10/14 14:57:41 | 000,540,855 | ---- | M] () -- C:\Users\Arron\nigol directory_new.cdr

[2010/10/14 14:21:39 | 000,507,383 | ---- | M] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr

[2010/10/13 13:20:19 | 000,000,441 | ---- | M] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk

[2010/10/13 13:03:02 | 000,001,107 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/10/10 12:21:45 | 000,000,963 | ---- | M] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/10/10 12:21:45 | 000,000,927 | ---- | M] () -- C:\Users\Arron\Desktop\MagicDisc.lnk

[2010/10/10 12:19:52 | 000,001,773 | ---- | M] () -- C:\Users\Arron\Desktop\MagicISO.lnk

[2010/10/10 12:15:55 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/10 11:49:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/10/10 11:39:43 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2010/10/10 11:39:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2010/10/09 22:47:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/10/09 22:47:54 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved

[2010/10/09 22:03:22 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf

[2010/10/09 19:00:28 | 000,000,000 | ---- | M] () -- C:\Windows\AutoPlayDesign.INI

[2010/10/09 19:00:27 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk

[2010/10/09 17:27:49 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/10/09 17:20:46 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2010/10/09 17:19:31 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk

[2010/10/09 17:18:20 | 000,000,969 | ---- | M] () -- C:\Users\Arron\Desktop\CCleaner.lnk

[2010/10/09 17:15:39 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2010/10/09 16:55:14 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/10/09 16:55:14 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/10/09 16:55:08 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/10/09 16:54:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/10/09 16:54:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/10/09 16:54:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/10/09 16:46:04 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/09 16:27:35 | 000,000,138 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2010/10/09 15:03:43 | 000,001,145 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/10/09 13:27:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/09 11:19:27 | 000,001,411 | ---- | M] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/05 22:32:20 | 000,000,000 | ---- | M] () -- C:\Users\Arron\Documents\VII marketing..doc

[2010/10/05 22:04:36 | 000,650,147 | ---- | M] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg

[2010/10/05 21:12:26 | 000,427,520 | ---- | M] () -- C:\Users\Arron\Documents\VII.doc

[2010/10/05 15:40:23 | 000,160,256 | ---- | M] () -- C:\Users\Arron\Documents\rizal life and workss.doc

[2010/10/05 13:16:59 | 001,939,971 | ---- | M] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr

[2010/10/03 16:21:15 | 000,006,144 | ---- | M] () -- C:\Users\Arron\Documents\CD STICKER.zdp

[2010/10/03 15:37:19 | 000,000,000 | -H-- | M] () -- C:\Users\Arron\Documents\Default.rdp

[2010/10/02 18:16:04 | 411,890,837 | ---- | M] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe

[1 C:\Users\Arron\Documents\*.tmp files -> C:\Users\Arron\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/31 21:20:29 | 000,032,059 | ---- | C] () -- C:\Users\Arron\Desktop\2_209056269l.jpg

[2010/10/31 19:13:21 | 002,924,376 | ---- | C] () -- C:\Users\Arron\Desktop\CLASSIC_01.pdf

[2010/10/31 12:49:48 | 000,062,449 | ---- | C] () -- C:\Users\Arron\CCF10292010_00001.jpg

[2010/10/31 12:49:39 | 000,061,600 | ---- | C] () -- C:\Users\Arron\Desktop\attachments_2010_10_31.zip

[2010/10/30 19:42:09 | 000,213,504 | ---- | C] () -- C:\Users\Arron\vina cv.doc

[2010/10/30 18:37:37 | 000,163,311 | ---- | C] () -- C:\Users\Arron\arr (2).jpg

[2010/10/30 18:09:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/10/30 18:09:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/10/30 18:09:44 | 000,084,992 | ---- | C] () -- C:\Windows\MBR.exe

[2010/10/30 18:09:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/10/30 18:09:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/10/30 17:45:25 | 003,895,619 | R--- | C] () -- C:\Users\Arron\Desktop\ComboFix.exe

[2010/10/30 16:56:18 | 000,294,912 | ---- | C] () -- C:\gwb988hv.exe

[2010/10/30 16:50:27 | 000,160,424 | ---- | C] () -- C:\Users\Arron\arr.jpg

[2010/10/30 15:58:56 | 000,000,372 | ---- | C] () -- C:\Windows\System32\.crusader

[2010/10/30 15:58:06 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/10/30 15:30:29 | 143,327,340 | ---- | C] () -- C:\Users\Arron\Desktop\Untitled-1.cdr

[2010/10/30 15:17:02 | 000,040,302 | ---- | C] () -- C:\Users\Arron\Documents\cc_20101030_151700.reg

[2010/10/30 14:28:08 | 009,476,474 | ---- | C] () -- C:\Users\Arron\Desktop\BEDS.pdf

[2010/10/30 13:58:25 | 000,244,961 | ---- | C] () -- C:\Users\Arron\CCF10302010_00001.jpg

[2010/10/30 12:59:49 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm

[2010/10/30 11:11:46 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys

[2010/10/28 15:35:49 | 002,126,092 | ---- | C] () -- C:\Users\Arron\Desktop\SIGNAGE DIMENSION.jpg

[2010/10/28 14:56:16 | 010,857,464 | ---- | C] () -- C:\Users\Arron\Desktop\gmaker80.exe

[2010/10/26 12:22:53 | 000,000,901 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Blaze Media Pro.lnk

[2010/10/26 12:22:53 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Blaze Media Pro.lnk

[2010/10/25 20:42:56 | 006,638,686 | ---- | C] () -- C:\Users\Arron\Desktop\Coldplay-The Scientist (Acoustic).mp3

[2010/10/25 12:26:55 | 000,165,186 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA AC_BG.jpg

[2010/10/24 21:30:27 | 000,156,054 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA S3S_BG.jpg

[2010/10/24 21:30:13 | 000,192,354 | ---- | C] () -- C:\Users\Arron\Desktop\ISAURA ACC_BG.jpg

[2010/10/23 19:37:36 | 001,330,444 | ---- | C] () -- C:\Users\Arron\Desktop\Backup_of_Floor Plan.cdr

[2010/10/23 19:23:40 | 001,336,859 | ---- | C] () -- C:\Users\Arron\Desktop\Floor Plan.cdr

[2010/10/20 22:34:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/10/19 13:33:00 | 000,079,015 | ---- | C] () -- C:\Windows\FontData.fdb

[2010/10/14 14:57:40 | 000,507,383 | ---- | C] () -- C:\Users\Arron\Backup_of_nigol directory_new.cdr

[2010/10/14 14:21:36 | 000,540,855 | ---- | C] () -- C:\Users\Arron\nigol directory_new.cdr

[2010/10/13 13:20:19 | 000,000,441 | ---- | C] () -- C:\Users\Arron\Desktop\XAMPP Control Panel.lnk

[2010/10/13 13:03:02 | 000,001,107 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2010/10/10 12:21:45 | 000,000,963 | ---- | C] () -- C:\Users\Arron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/10/10 12:21:45 | 000,000,927 | ---- | C] () -- C:\Users\Arron\Desktop\MagicDisc.lnk

[2010/10/10 12:19:52 | 000,001,773 | ---- | C] () -- C:\Users\Arron\Desktop\MagicISO.lnk

[2010/10/10 12:15:55 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/10/10 11:49:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/10/09 22:47:56 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010/10/09 22:47:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010/10/09 22:47:54 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK

[2010/10/09 21:58:26 | 2413,424,640 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/09 19:13:50 | 000,002,363 | ---- | C] () -- C:\Users\Arron\Desktop\Google Chrome.lnk

[2010/10/09 19:11:23 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000UA.job

[2010/10/09 19:11:22 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1226910906-1826878421-1326697889-1000Core.job

[2010/10/09 19:00:28 | 000,000,000 | ---- | C] () -- C:\Windows\AutoPlayDesign.INI

[2010/10/09 19:00:27 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AutoPlay Media Studio 8 Trial.lnk

[2010/10/09 17:27:49 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/10/09 17:20:46 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2010/10/09 17:19:31 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk

[2010/10/09 17:15:39 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2010/10/09 16:55:14 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/10/09 16:54:55 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/10/09 16:54:50 | 067,040,961 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/10/09 16:46:04 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/09 16:27:35 | 000,000,138 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2010/10/09 16:27:33 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe

[2010/10/09 16:27:09 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico

[2010/10/09 16:27:04 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico

[2010/10/09 16:27:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll

[2010/10/09 16:27:00 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst1cl3.smt

[2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$BANATA 14 SI RIZAL SA LONDO111.docx

[2010/10/09 16:21:51 | 000,000,162 | -HS- | C] () -- C:\Users\Arron\Documents\~$apter 14 Rizal in London333.docx

[2010/10/09 16:21:42 | 183,100,582 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_460_[400p][1853AD4C].avi

[2010/10/09 16:21:35 | 183,483,930 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_459_[400p][b14FBE73].avi

[2010/10/09 16:21:26 | 182,789,340 | ---- | C] () -- C:\Users\Arron\Documents\[yibis]_One_Piece_458_[400p][E62EFBB9].avi

[2010/10/09 16:21:26 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00002.tif

[2010/10/09 16:21:26 | 019,495,102 | ---- | C] () -- C:\Users\Arron\Documents\vlc-1.1.0-win32.exe

[2010/10/09 16:21:26 | 003,127,521 | ---- | C] () -- C:\Users\Arron\Documents\ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz

[2010/10/09 16:21:26 | 000,835,180 | ---- | C] () -- C:\Users\Arron\Documents\volleyball_logo.cdr

[2010/10/09 16:21:26 | 000,427,520 | ---- | C] () -- C:\Users\Arron\Documents\VII.doc

[2010/10/09 16:21:26 | 000,203,597 | ---- | C] () -- C:\Users\Arron\Documents\volleyball.cdr

[2010/10/09 16:21:26 | 000,184,803 | ---- | C] () -- C:\Users\Arron\Documents\WH plans_rev 02 Model (2).pdf

[2010/10/09 16:21:26 | 000,086,914 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-1.jpg

[2010/10/09 16:21:26 | 000,048,865 | ---- | C] () -- C:\Users\Arron\Documents\wnaspi32.zip

[2010/10/09 16:21:26 | 000,032,722 | ---- | C] () -- C:\Users\Arron\Documents\WILSON LUCE DIAZ.docx

[2010/10/09 16:21:26 | 000,032,686 | ---- | C] () -- C:\Users\Arron\Documents\zlib1.zip

[2010/10/09 16:21:26 | 000,007,762 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-2.html

[2010/10/09 16:21:26 | 000,004,465 | ---- | C] () -- C:\Users\Arron\Documents\Untitled-5.html

[2010/10/09 16:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\VII marketing..doc

[2010/10/09 16:21:25 | 023,137,719 | ---- | C] () -- C:\Users\Arron\Documents\SWScan00001.tif

[2010/10/09 16:21:25 | 006,222,567 | ---- | C] () -- C:\Users\Arron\Documents\ramadan.rar

[2010/10/09 16:21:25 | 001,189,716 | ---- | C] () -- C:\Users\Arron\Documents\logo2.psd

[2010/10/09 16:21:25 | 000,160,256 | ---- | C] () -- C:\Users\Arron\Documents\rizal life and workss.doc

[2010/10/09 16:21:25 | 000,131,584 | ---- | C] () -- C:\Users\Arron\Documents\Nestor%20A[1].doc

[2010/10/09 16:21:25 | 000,109,950 | ---- | C] () -- C:\Users\Arron\Documents\SHOE COMPANY.docx

[2010/10/09 16:21:25 | 000,087,231 | ---- | C] () -- C:\Users\Arron\Documents\logo.psd

[2010/10/09 16:21:25 | 000,064,007 | ---- | C] () -- C:\Users\Arron\Documents\Nastassia.JPG

[2010/10/09 16:21:25 | 000,047,104 | ---- | C] () -- C:\Users\Arron\Documents\LPO_FORM.xls

[2010/10/09 16:21:25 | 000,040,607 | ---- | C] () -- C:\Users\Arron\Documents\scan0001.jpg

[2010/10/09 16:21:25 | 000,022,932 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets.docx

[2010/10/09 16:21:25 | 000,022,500 | ---- | C] () -- C:\Users\Arron\Documents\logo.jpg

[2010/10/09 16:21:25 | 000,017,900 | ---- | C] () -- C:\Users\Arron\Documents\Managing Physical Assets with explanation.docx

[2010/10/09 16:21:25 | 000,015,360 | ---- | C] () -- C:\Users\Arron\Documents\NewProject.isc

[2010/10/09 16:21:25 | 000,011,763 | ---- | C] () -- C:\Users\Arron\Documents\Quotation Lists.xlsx

[2010/10/09 16:21:25 | 000,009,186 | ---- | C] () -- C:\Users\Arron\Documents\Nigol.html

[2010/10/09 16:21:25 | 000,004,443 | ---- | C] () -- C:\Users\Arron\Documents\Ramadan.html

[2010/10/09 16:21:22 | 037,552,417 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask.7z

[2010/10/09 16:21:21 | 033,554,432 | ---- | C] () -- C:\Users\Arron\Documents\Legend of Zelda, The - Majora's Mask (E) (M4) (V1.0) [!].z64

[2010/10/09 16:21:21 | 002,829,952 | ---- | C] () -- C:\Users\Arron\Documents\Joomla_1.0.15-Stable-Full_Package.zip

[2010/10/09 16:21:21 | 000,100,933 | ---- | C] () -- C:\Users\Arron\Documents\ICD1.0.6.zip

[2010/10/09 16:21:21 | 000,054,798 | ---- | C] () -- C:\Users\Arron\Documents\JOY.cdr

[2010/10/09 16:21:21 | 000,016,226 | ---- | C] () -- C:\Users\Arron\Documents\KABANATA 14 SI RIZAL SA LONDO111.docx

[2010/10/09 16:21:03 | 411,890,837 | ---- | C] () -- C:\Users\Arron\Documents\HoNClient-1.0.12.1.exe

[2010/10/09 16:21:02 | 003,606,977 | ---- | C] () -- C:\Users\Arron\Documents\good sofas (MI CASA).zip

[2010/10/09 16:21:02 | 000,029,786 | ---- | C] () -- C:\Users\Arron\Documents\GOVERNMENT OFFICES.docx

[2010/10/09 16:21:02 | 000,029,520 | ---- | C] () -- C:\Users\Arron\Documents\Graphic2.cdr

[2010/10/09 16:21:02 | 000,018,387 | ---- | C] () -- C:\Users\Arron\Documents\Graphic1.cdr

[2010/10/09 16:21:02 | 000,000,615 | ---- | C] () -- C:\Users\Arron\Documents\heart1.gif

[2010/10/09 16:21:01 | 000,650,147 | ---- | C] () -- C:\Users\Arron\Documents\final-cartoon-team-durian-colors-all.jpg

[2010/10/09 16:21:01 | 000,461,639 | ---- | C] () -- C:\Users\Arron\Documents\good dining sets ( MI CASA).zip

[2010/10/09 16:21:01 | 000,319,488 | ---- | C] () -- C:\Users\Arron\Documents\FUF.accdb

[2010/10/09 16:21:01 | 000,024,576 | ---- | C] () -- C:\Users\Arron\Documents\Curtain Dimensions.xls

[2010/10/09 16:21:01 | 000,008,029 | ---- | C] () -- C:\Users\Arron\Documents\FadeToTranslucent.zip

[2010/10/09 16:21:01 | 000,005,927 | ---- | C] () -- C:\Users\Arron\Documents\ExplodeEffect.zip

[2010/10/09 16:21:01 | 000,002,716 | ---- | C] () -- C:\Users\Arron\Documents\configuration.php

[2010/10/09 16:20:40 | 485,337,223 | ---- | C] () -- C:\Users\Arron\Documents\CLASSIC_01_p38-48.pdf

[2010/10/09 16:20:40 | 000,019,112 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London.docx

[2010/10/09 16:20:40 | 000,017,038 | ---- | C] () -- C:\Users\Arron\Documents\Chapter 14 Rizal in London333.docx

[2010/10/09 16:20:40 | 000,006,144 | ---- | C] () -- C:\Users\Arron\Documents\CD STICKER.zdp

[2010/10/09 16:20:38 | 033,080,095 | ---- | C] () -- C:\Users\Arron\Documents\CATALOG P11-22.pdf

[2010/10/09 16:20:38 | 000,804,746 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball_logo.cdr

[2010/10/09 16:20:38 | 000,343,006 | ---- | C] () -- C:\Users\Arron\Documents\BOIGB - Bot - 09.08.2010.rar

[2010/10/09 16:20:38 | 000,210,071 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_volleyball.cdr

[2010/10/09 16:20:38 | 000,071,311 | ---- | C] () -- C:\Users\Arron\Documents\camfrog.zip

[2010/10/09 16:20:38 | 000,052,121 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_JOY.cdr

[2010/10/09 16:20:38 | 000,027,040 | ---- | C] () -- C:\Users\Arron\Documents\CALL CENTER.docx

[2010/10/09 16:20:23 | 537,524,196 | ---- | C] () -- C:\Users\Arron\Documents\Backup_of_CLASSIC_01_p1-10.pdf

[2010/10/09 16:20:23 | 003,598,486 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).psd

[2010/10/09 16:20:23 | 000,188,928 | ---- | C] () -- C:\Users\Arron\Documents\arron javal cv.doc

[2010/10/09 16:20:23 | 000,155,350 | ---- | C] () -- C:\Users\Arron\Documents\10000-3(top).JPG

[2010/10/09 16:20:23 | 000,132,352 | ---- | C] () -- C:\Users\Arron\Documents\123.jpg

[2010/10/09 16:20:23 | 000,000,000 | ---- | C] () -- C:\Users\Arron\Documents\2.docx

[2010/10/09 15:30:40 | 001,939,971 | ---- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT.cdr

[2010/10/09 15:30:40 | 000,997,851 | R--- | C] () -- C:\Users\Arron\Desktop\QTTN FORMAT_FINAL_macro enabled.xlsm

[2010/10/09 15:30:40 | 000,000,654 | ---- | C] () -- C:\Users\Arron\Desktop\Speccy.lnk

[2010/10/09 15:30:39 | 001,716,879 | ---- | C] () -- C:\Users\Arron\Desktop\NIGOL CLASSIC LOGO.png

[2010/10/09 15:30:39 | 000,361,829 | ---- | C] () -- C:\Users\Arron\Desktop\CUSTOMER PROTECTION POLICY.pdf

[2010/10/09 15:30:39 | 000,001,663 | ---- | C] () -- C:\Users\Arron\Desktop\FileZilla Client.lnk

[2010/10/09 15:30:39 | 000,000,969 | ---- | C] () -- C:\Users\Arron\Desktop\CCleaner.lnk

[2010/10/09 15:30:32 | 000,001,390 | ---- | C] () -- C:\Users\Arron\MODERN FURNITURE.SED

[2010/10/09 15:03:43 | 000,001,145 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/10/09 13:27:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/10/09 12:38:37 | 000,000,000 | -H-- | C] () -- C:\Users\Arron\Documents\Default.rdp

[2010/10/09 11:19:27 | 000,001,411 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/09 11:07:49 | 000,000,290 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2010/10/09 11:07:49 | 000,000,272 | ---- | C] () -- C:\Users\Arron\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2009/07/14 03:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 03:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2008/10/04 03:07:10 | 003,754,896 | ---- | C] () -- C:\Windows\System32\erdmpg-6.dll

[2008/09/28 21:33:01 | 000,253,952 | ---- | C] () -- C:\Windows\System32\Manipulate.dll

[2008/08/28 15:20:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\comLyricGetter.dll

[2008/08/28 15:17:22 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Uncommon.dll

[2008/08/28 15:17:20 | 000,061,440 | ---- | C] () -- C:\Windows\System32\NormalizeDSP.dll

[2006/11/06 23:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

========== LOP Check ==========

[2010/10/21 13:39:26 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/10/13 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\FileZilla

[2010/10/09 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\IndigoRose

[2010/10/30 12:59:52 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\Softland

[2010/10/30 19:47:28 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\TeamViewer

[2010/10/31 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\Arron\AppData\Roaming\uTorrent

[2009/07/14 08:53:46 | 000,005,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


=======Cleanup=======

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.

======Next======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

After that you're all set.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - For some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" - Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.

===Free antimalware tools used for on-demand scanning and cleaning, no real time unless purchased===

Malwarebytes Antimalware

superantispyware

===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.

Antivir

This is antivirus and antispyware protection.

Avast


I really thank you, sir, for the help. I wish I could also be like you so I can help others with their virus/rootkit problems. Greatly appreciated, sir. God bless and take care. ^^


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
