# Infected email ('fotos 27/06'), apparent trojan, bulk resending of itself to contacts



## BadgerfaceMcGrue (Sep 27, 2007)

Hi Folks,

I have a problem that hopefully someone will be able to help me with. My girlfriend received an email to her Hotmail account last night from a friend with the subject 'fotos 27/06'. She was notified of it coming in by an MSN Messenger alert and opened the email from the alert and into Internet Explorer. She can't remember if she opened an attachment in the email, but quickly noticed that the email was being forwarded to all her contacts. We are running AVG Free Edition which gave a warning of a trojan being detected but unfortunately too late. We immediately attempted to delete all instances of the suspect email from her Hotmail account. We ran a full scan of the computer which detected the following two entries:

"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\F46KS57G\fotos[1].com";"Trojan horse SHeur2.ATCG";"Moved to Virus Vault"
"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\R5R1LWIA\fotos[1].com";"Trojan horse SHeur2.ATCG";"Moved to Virus Vault"

After removing the virus using AVG we attempted to access Hotmail again but still appear to have the same problem. We run both Firefox and IE browsers, and the email is being forwarded regardless of which we use. I have been able to access and use my Hotmail web account with no problems; I have received the suspect email, but have not opened it from my account.

I have run a HJT scan and post the log below, thank you in advance to anyone who can give any help on this.

Kind Regards,

Mark.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:26, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\winnt_\winntR1.exe
C:\winnt_\winnt3.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TextPad 5\TextPad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winntR1] C:\winnt_\winntR1.exe
O4 - HKLM\..\Run: [winnt2] C:\winnt_\winnt2.exe
O4 - HKLM\..\Run: [winnt3] C:\winnt_\winnt3.exe
O4 - HKLM\..\Run: [winnt4] C:\winnt_\winnt4.exe
O4 - HKLM\..\Run: [winnt5] C:\winnt_\winnt5.exe
O4 - HKLM\..\Run: [winnt6] C:\winnt_\winnt6.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-1292428093-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Erin')
O4 - HKUS\S-1-5-21-1409082233-1292428093-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Erin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ImageUploader4 - http://photos.next.co.uk/apps/ipc/downloads//ImageUploader4.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205791063809
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205875186109
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games  Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\XEClient\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12120 bytes


----------



## BadgerfaceMcGrue (Sep 27, 2007)

bump


----------



## emeraldnzl (Nov 3, 2007)

Hello BadgerfaceMcGrue,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Next*

Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## BadgerfaceMcGrue (Sep 27, 2007)

Ok, first the MBAM log.

Two points of note:
Firstly, this problem has been temporarily resolved by using a different Windows user. We can log onto, and use the suspect email account without difficulty while logged on as another user. (I did run the scans as the suspect Windows user)

Secondly, when logging on to the suspect user AVG has issued a warning "trojan horse downloader.generic8.BEUI"

...and on to the log...

Malwarebytes' Anti-Malware 1.39
Database version: 2532
Windows 5.1.2600 Service Pack 3

30/07/2009 23:05:52
mbam-log-2009-07-30 (23-05-52).txt

Scan type: Quick Scan
Objects scanned: 128644
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## BadgerfaceMcGrue (Sep 27, 2007)

OTL.txt

OTL logfile created on: 30/07/2009 23:14:45 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.48 Mb Total Physical Memory | 273.83 Mb Available Physical Memory | 53.64% Memory free
1.97 Gb Paging File | 1.52 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 11.77 Gb Free Space | 21.15% Space Free | Partition Type: NTFS
Drive D: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 185.55 Gb Total Space | 30.22 Gb Free Space | 16.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 93.92 Gb Total Space | 0.28 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: MILLIGAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe ()
PRC - C:\WINDOWS\System32\PSIService.exe ()
PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AffinegyService [Auto | Running]) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (OracleJobSchedulerXE [Disabled | Stopped]) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleMTSRecoveryService [On_Demand | Stopped]) -- C:\XEClient\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleServiceXE [Auto | Stopped]) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleXEClrAgent [On_Demand | Stopped]) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener [Auto | Running]) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe ()
SRV - (ProtexisLicensing [Auto | Running]) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (rpcapd [Auto | Running]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (SbieSvc [Auto | Running]) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AFGSp50 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCMModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\BCMDM.sys (BCM)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hotcore3 [Boot | Running]) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (imagedrv [Boot | Running]) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG)
DRV - (imagesrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsu [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (NPF [Auto | Running]) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (PAC7302 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SbieDrv [On_Demand | Running]) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [System | Running]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 11:39:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/30 23:12:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/25 11:05:53 | 00,000,000 | ---D | M]

[2008/08/28 14:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/08/28 14:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 22:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\tbbumkdi.default\extensions
[2009/07/26 18:48:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\tbbumkdi.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/07/26 18:48:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\tbbumkdi.default\extensions\[email protected]
[2009/07/30 12:09:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/25 11:05:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/12 22:42:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/10/19 21:29:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/07/25 11:05:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/25 11:05:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/10/19 21:29:25 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/05/14 17:48:42 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/25 11:05:47 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/09 23:22:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/03 11:07:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/09 23:22:36 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/06/09 23:21:51 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/09/10 14:49:12 | 06,583,016 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2008/09/10 14:49:14 | 05,817,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2008/08/28 14:45:26 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/08/28 14:45:26 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/28 14:45:26 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/08/28 14:45:26 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 12:35:03 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/08/28 14:45:26 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/28 14:45:26 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/08/28 14:45:26 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [4oD] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [winnt2] C:\winnt_\winnt2.exe File not found
O4 - HKLM..\Run: [winnt3] C:\winnt_\winnt3.exe File not found
O4 - HKLM..\Run: [winnt4] C:\winnt_\winnt4.exe File not found
O4 - HKLM..\Run: [winnt5] C:\winnt_\winnt5.exe File not found
O4 - HKLM..\Run: [winnt6] C:\winnt_\winnt6.exe File not found
O4 - HKLM..\Run: [winntR1] C:\winnt_\winntR1.exe File not found
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

To be continued...


----------



## BadgerfaceMcGrue (Sep 27, 2007)

Continued... (OTL.txt)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205791063809 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205875186109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games - Backgammon)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: ImageUploader4 http://photos.next.co.uk/apps/ipc/downloads//ImageUploader4.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 23:27:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e9c544d-2486-11de-8745-002040ff80ad}\Shell - "" = AutoRun
O33 - MountPoints2\{3e9c544d-2486-11de-8745-002040ff80ad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e9c544d-2486-11de-8745-002040ff80ad}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/07/30 23:11:17 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/30 22:36:00 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/30 22:35:56 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/30 22:35:54 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 22:35:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/30 22:30:34 | 00,634,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\wellington.exe
[2009/07/30 22:27:54 | 00,483,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup2.exe.part
[2009/07/30 15:05:38 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/07/30 15:05:38 | 00,000,232 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/07/30 13:34:04 | 00,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/07/30 13:34:04 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/07/29 18:36:31 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/07/29 18:36:31 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/07/29 11:29:32 | 02,692,080 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/29 00:07:28 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/07/29 00:03:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2009/07/26 19:50:46 | 00,000,000 | -H-D | C] -- C:\winnt_
[2009/07/13 10:01:39 | 02,280,162 | ---- | C] () -- F:\My Documents\MANUAL000069978.pdf
[2009/07/12 11:50:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/12 11:48:52 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BBC iPlayer Desktop.lnk
[2009/07/12 11:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2009/06/09 23:25:42 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/01 21:02:23 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/02/17 22:34:41 | 00,001,809 | ---- | C] () -- C:\WINDOWS\MasterExam.ini
[2009/02/17 22:34:40 | 00,000,216 | ---- | C] () -- C:\WINDOWS\LK_ME_Cfg.ini
[2008/10/28 22:51:19 | 00,001,606 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2008/10/09 19:51:02 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/10/09 19:50:58 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2008/06/18 21:06:24 | 04,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2008/06/18 21:06:24 | 00,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2008/06/18 21:06:24 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2008/05/31 10:34:27 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B03CFA9EF0.sys
[2008/05/31 10:15:24 | 00,002,932 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/13 02:53:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/13 02:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/13 02:50:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/13 02:50:08 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/05/13 02:49:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/03/25 17:39:54 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2008/03/21 11:07:24 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/03/20 19:40:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/20 18:54:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/03/20 18:43:42 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/17 00:12:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/16 23:41:48 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2008/03/16 23:41:24 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2008/03/16 23:41:24 | 00,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2005/12/07 13:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2002/09/03 18:11:56 | 00,000,821 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 18:06:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/07/30 23:11:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/07/30 22:36:00 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/30 22:31:54 | 00,634,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\wellington.exe
[2009/07/30 22:28:27 | 00,483,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup2.exe.part
[2009/07/30 22:16:21 | 00,000,752 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2009/07/30 20:11:44 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/07/30 19:49:40 | 02,692,080 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/07/30 15:05:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/07/30 15:05:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/07/30 13:34:04 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/07/30 13:34:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/30 10:55:02 | 00,053,846 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/30 10:55:01 | 39,387,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/30 10:49:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/30 10:48:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/29 18:36:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/29 18:36:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/29 00:07:33 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/07/29 00:03:56 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HJTsetup.exe
[2009/07/28 21:10:58 | 00,000,393 | ---- | M] () -- F:\My Documents\My Sharing Folders.lnk
[2009/07/26 22:02:07 | 00,002,932 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/25 20:48:57 | 00,145,408 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/24 22:29:10 | 00,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/24 22:25:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/19 14:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 14:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 14:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 14:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/18 10:11:26 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/15 16:51:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 16:50:18 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 10:01:39 | 02,280,162 | ---- | M] () -- F:\My Documents\MANUAL000069978.pdf
[2009/07/12 11:51:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/12 11:51:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/12 11:48:52 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\BBC iPlayer Desktop.lnk
[2009/07/07 16:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/30 23:28:19 | 00,001,606 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

========== LOP Check ==========

Still to be continued...


----------



## BadgerfaceMcGrue (Sep 27, 2007)

Part 3...(OTL.txt)

[2009/06/30 22:26:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2009/05/03 22:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/25 23:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AceBIT
[2009/06/01 21:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Affinegy
[2008/05/01 18:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
[2008/05/12 22:53:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Channel4
[2008/05/31 10:32:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Corel
[2009/03/21 11:18:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2008/04/18 12:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
[2009/06/30 22:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flood Light Games
[2008/11/26 22:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft
[2009/01/17 16:02:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
[2009/06/30 22:26:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear
[2009/07/30 23:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
[2008/03/18 09:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
[2009/03/03 00:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MySQL
[2008/03/25 22:49:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
[2008/04/12 23:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2009/06/30 23:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/06/30 22:15:13 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/01/25 23:18:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AceBIT
[2008/04/05 19:21:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2009/06/03 11:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/11/27 00:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeachPartyCraze
[2008/09/20 00:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blender Foundation
[2008/05/31 10:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
[2009/06/30 22:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2008/08/31 15:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
[2008/04/19 11:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Helios
[2008/05/10 12:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2009/05/01 12:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2008/09/01 22:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/03/03 00:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MySQL
[2008/05/12 22:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2008/03/25 23:02:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NSeries
[2009/05/25 16:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
[2008/05/12 22:38:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2008/05/12 22:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2008/10/31 00:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sibelius Software
[2009/07/17 11:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2009/04/05 12:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SQL Developer
[2009/01/26 12:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2008/12/12 20:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TypingMaster7
[2008/05/12 22:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Xfire
[2002/09/03 17:46:18 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/30 10:49:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/03/17 23:26:46 | 00,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:981349EA
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5216CD26
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:EAB5D262
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:17A66DDA
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:00C31200
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:273A8657
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2FF4577A
< End of report >


----------



## BadgerfaceMcGrue (Sep 27, 2007)

And now Extras.txt...

OTL Extras logfile created on: 30/07/2009 23:14:45 - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.48 Mb Total Physical Memory | 273.83 Mb Available Physical Memory | 53.64% Memory free
1.97 Gb Paging File | 1.52 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 11.77 Gb Free Space | 21.15% Space Free | Partition Type: NTFS
Drive D: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 185.55 Gb Total Space | 30.22 Gb Free Space | 16.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 93.92 Gb Total Space | 0.28 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: MILLIGAN
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\SimpleCenter\Home Media Server.exe" = C:\Program Files\SimpleCenter\Home Media Server.exe:*:Disabled:Home Media Server -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java(TM) SE Development Kit 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EA0E0DD-4203-C20C-2740-582DFBF1CC59}" = BBC iPlayer Desktop
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{500D04BB-543A-49DF-A939-A67ABAA8238B}" = Hazard Perception Training 2002-2003
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{82D7F239-40E7-4755-B450-AFFB1175484B}" = Oracle Client 10g Express Edition
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver Software
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F888625-7591-498F-8211-F7009C126AB7}" = Driving Test Success 2002-2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{96E94E18-54D6-42C1-8FC4-24DACEDC3395}" = Nokia NSeries System Utilities
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC [email protected]
"{A8C856AD-63CD-4613-AA29-E6C85607EA06}" = Nokia Software Launcher
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADEBB12E-22A7-412A-9E84-090C1BD02AA6}" = Win994a Application Suite
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642ACC5-F7E9-48F3-A7EE-B49C5447A10E}" = Samsung PC Studio 3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access
"{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier
"{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager
"{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player
"{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"4oD" = 4oD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"AVG8Uninstall" = AVG Free 8.5
"BitLord" = BitLord 1.1
"DVD Decrypter" = DVD Decrypter (Remove Only)
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{82D7F239-40E7-4755-B450-AFFB1175484B}" = Oracle Client 10g Express Edition
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA Driver
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sandboxie" = Sandboxie 3.30
"SimCity2000CDv1" = SimCity 2000® Special Edition
"Spotify" = Spotify
"Unlocker" = Unlocker 1.8.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/07/2009 07:15:05 | Computer Name = MILLIGAN | Source = Nokia Software Launcher | ID = 1
Description = Nokia Software Launcher 1.6.80 (NLib 0.6.213) Nokia PCSuite connectivity
API error. errorcode: 47001 CONAPI_errordesc: Failed to get connection to System. CONAPI_errorcode:	0x80100002

Stack
trace: .\NSLMainDialog.cpp(100) : CNSLMainDialog::OnInitDialog .\NSLSyncHandler.cpp(124)
: CNSLSyncHandler::Init .\NConnAPI.cpp(80) : CNConnAPI::GetDeviceManager .\NCONADeviceManager.cpp(40)
: CNCONADeviceManager::Init .\NCONADeviceManager.cpp(39) : CNCONADeviceManager::Init

Error - 08/07/2009 04:32:57 | Computer Name = MILLIGAN | Source = Nokia Software Launcher | ID = 1
Description = Nokia Software Launcher 1.6.80 (NLib 0.6.213) Nokia PCSuite connectivity
API error. errorcode: 47001 CONAPI_errordesc: Failed to get connection to System. CONAPI_errorcode:	0x80100002

Stack
trace: .\NSLMainDialog.cpp(100) : CNSLMainDialog::OnInitDialog .\NSLSyncHandler.cpp(124)
: CNSLSyncHandler::Init .\NConnAPI.cpp(80) : CNConnAPI::GetDeviceManager .\NCONADeviceManager.cpp(40)
: CNCONADeviceManager::Init .\NCONADeviceManager.cpp(39) : CNCONADeviceManager::Init

Error - 11/07/2009 07:04:01 | Computer Name = MILLIGAN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/07/2009 12:01:02 | Computer Name = MILLIGAN | Source = Application Error | ID = 1000
Description = Faulting application nerovision.exe, version 4.7.0.9, faulting module
amcdocbase.dll, version 4.7.0.9, fault address 0x0004ff49.

Error - 13/07/2009 13:00:17 | Computer Name = MILLIGAN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 15:35:41 | Computer Name = MILLIGAN | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
ad-aware.exe, version 7.1.0.10, fault address 0x0009659a.

Error - 28/07/2009 15:35:55 | Computer Name = MILLIGAN | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
ad-aware.exe, version 7.1.0.10, fault address 0x00157058.

Error - 28/07/2009 15:40:16 | Computer Name = MILLIGAN | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 16:35:26 | Computer Name = MILLIGAN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3474, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/07/2009 06:33:08 | Computer Name = MILLIGAN | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 17/07/2009 18:10:54 | Computer Name = MILLIGAN | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 18/07/2009 05:09:19 | Computer Name = MILLIGAN | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 19/07/2009 06:05:41 | Computer Name = MILLIGAN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 20/07/2009 03:27:05 | Computer Name = MILLIGAN | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 29/07/2009 06:32:23 | Computer Name = MILLIGAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 29/07/2009 06:32:23 | Computer Name = MILLIGAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 29/07/2009 06:32:41 | Computer Name = MILLIGAN | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 29/07/2009 06:32:41 | Computer Name = MILLIGAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/07/2009 05:51:57 | Computer Name = MILLIGAN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the OracleServiceXE service
to connect.

Error - 30/07/2009 05:51:57 | Computer Name = MILLIGAN | Source = Service Control Manager | ID = 7000
Description = The OracleServiceXE service failed to start due to the following error:
%%1053

< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hmm... nothing leaping out at me there.

Let's run a deeper look to check for a possible rootkit and after that an online virus scan.

Download GMER from *here*

Unzip it to the desktop.

***Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.*

- Open the program and click on the *Rootkit* tab.
- Make sure all the boxes on the right of the screen are checked, *EXCEPT* for Show All.
- Click on *Scan*.
- When the scan has run click *Copy* and paste the results (if any) into this thread.

*Next*

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

*Kaspersky works with Internet Explorer and Firefox 3.*

Go to *Kaspersky website* and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.


- Read through the requirements and privacy statement and click on the *Accept* button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
- When the downloads have finished, click on *Settings*.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on *My Computer* under *Scan*.
- Once the scan is complete, it will display the results. Click on *View Scan Report*.
- You will see a list of infected items there. Click on *Save Report As...*.
- Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
- Copy and paste that information in your next post.

*So when you return, please post:*

- *GMER scan results*
- *Kaspersky scan results*


----------



## BadgerfaceMcGrue (Sep 27, 2007)

Ok, first the rootkit log.

GMER 1.0.15.15011 [00928hzf.exe] - http://www.gmer.net
Rootkit scan 2009-07-31 23:32:26
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spgn.sys ZwCreateKey [0xF86970E0]
SSDT spgn.sys ZwEnumerateKey [0xF86B5CA2]
SSDT spgn.sys ZwEnumerateValueKey [0xF86B6030]
SSDT spgn.sys ZwOpenKey [0xF86970C0]
SSDT spgn.sys ZwQueryKey [0xF86B6108]
SSDT spgn.sys ZwQueryValueKey [0xF86B5F88]
SSDT spgn.sys ZwSetValueKey [0xF86B619A]

INT 0x62 ? 83371BF8
INT 0x63 ? 83162F00
INT 0x73 ?  83162F00
INT 0x82 ? 83371BF8
INT 0x83 ? 83162F00
INT 0xB4 ? 83162F00

---- Kernel code sections - GMER 1.0.15 ----

? spgn.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7F638AC 5 Bytes JMP 831624E0 
.text amlql74p.SYS F7D4B384 1 Byte [20]
.text amlql74p.SYS F7D4B384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text amlql74p.SYS F7D4B3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text amlql74p.SYS F7D4B3C4 3 Bytes [00, 00, 00]
.text amlql74p.SYS F7D4B3C9 1 Byte [00]
.text ... 
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082D1 5 Bytes JMP 82D014D0 
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE58 5 Bytes JMP 82D01430 
.text win32k.sys!EngCreateBitmap + D9A0  BF84582C 5 Bytes JMP 82D01610 
.text win32k.sys!EngMultiByteToWideChar + 2F22 BF85277C 5 Bytes JMP 82D01750 
.text win32k.sys!EngGradientFill + 5100 BF8B3C90 5 Bytes JMP 82D01570 
.text win32k.sys!EngAlphaBlend + 9285 BF8C3136 5 Bytes JMP 82D016B0 
.text win32k.sys!PATHOBJ_vGetBounds + 74E1 BF8F004B 5 Bytes JMP 82D017F0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 833E02D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F86C8C4C] spgn.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86C8CA0] spgn.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8698040] spgn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F869813C] spgn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86980BE] spgn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F86987FC] spgn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F86986D2] spgn.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 831625E0


----------



## BadgerfaceMcGrue (Sep 27, 2007)


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 833DC1F8
Device \FileSystem\Udfs \UdfsCdRom 830A01F8
Device \FileSystem\Udfs \UdfsDisk 830A01F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8314F500
Device \Driver\NetBT \Device\NetBT_Tcpip_{FED99880-A935-42E2-9BD6-A1F9CC1113F3} 82D301F8
Device \Driver\sptd \Device\323302396 spgn.sys
Device \Driver\usbuhci \Device\USBPDO-1 8314F500
Device \Driver\usbuhci \Device\USBPDO-2 8314F500
Device \Driver\usbehci \Device\USBPDO-3 8312F500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP2396 \Device\00000049 spgn.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 833DE1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Ftdisk \Device\HarddiskVolume2 833DE1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom0 83130500
Device \Driver\Ftdisk \Device\HarddiskVolume3 833DE1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\Cdrom \Device\CdRom1 83130500
Device \Driver\Cdrom \Device\CdRom2  83130500
Device \Driver\Cdrom \Device\CdRom3 83130500
Device \Driver\NetBT \Device\NetBt_Wins_Export 82D301F8
Device \Driver\NetBT \Device\NetbiosSmb 82D301F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8314F500
Device \Driver\usbuhci \Device\USBFDO-1 8314F500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82D0B1F8
Device \Driver\usbuhci \Device\USBFDO-2 8314F500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82D0B1F8
Device \Driver\usbehci \Device\USBFDO-3 8312F500
Device \Driver\Ftdisk \Device\FtControl 833DE1F8
Device \Driver\amlql74p \Device\Scsi\amlql74p1 830851F8
Device \Driver\amlql74p \Device\Scsi\amlql74p1Port3Path0Target0Lun0 830851F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target0Lun0 833DD1F8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 833DD1F8
Device \FileSystem\Cdfs \Cdfs 82F951F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd1066f5 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\[email protected] 0xE2 0xD7 0x2E 0x06 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\[email protected] 0x67 0xC1 0x6F 0x57 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x22 0x1B 0xAC 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xE3 0x4D 0xCC 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xDD 0xB0 0xDE 0x47 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x22 0x1B 0xAC 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xE3 0x4D 0xCC 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)


----------



## BadgerfaceMcGrue (Sep 27, 2007)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0xC6 0x0A 0xD2 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd1066f5 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xE2 0xD7 0x2E 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x67 0xC1 0x6F 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d36559 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xDE 0x66 0x48 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]  1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xA5 0x0B 0x1C 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xE3 0x4D 0xCC 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x5A 0x6F 0xBB 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd1066f5 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\[email protected] 0xE2 0xD7 0x2E 0x06 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\[email protected] 0x67 0xC1 0x6F 0x57 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001060d36559 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\[email protected] 0xDE 0x66 0x48 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xA5 0x0B 0x1C 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0xE3 0x4D 0xCC 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x5A 0x6F 0xBB 0x69 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1ROU2I4U\109[1] 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8ITP9MXL\109[1] 0 bytes
File F:\Documents and Settings\Owner\Desktop\Pics\My Pictures_windows\2005 pics\Safari park 28 June 2005\DSCF0357.JPG 853462 bytes
File F:\Documents and Settings\Owner\Desktop\Pics\My Pictures_windows\2005 pics\Safari park 28 June 2005\Thumbs.db 339968 bytes
File F:\Documents and Settings\Owner\My Documents\03-06_Minutes.doc 41472 bytes


----------



## BadgerfaceMcGrue (Sep 27, 2007)



----------



## BadgerfaceMcGrue (Sep 27, 2007)


---- EOF - GMER 1.0.15 ----


----------



## BadgerfaceMcGrue (Sep 27, 2007)

I'm about to run the online virus scan; I am, however, reluctant to run it as the main infected user. I left my computer running the previous scan yesterday and when I returned my computer was not in a happy state. I don't know if there was a legacy of the run of the scan but my computer was unable to get any system resources and I had difficulty even opening notepad to create a text file. Firefox completely crashed, and I was unable to restart it. I could not open the task manager, and the control panel was not working correctly.

I will run the online scan while logged in as a seemingly unaffected user, but am unsure as to whether this will affect the results. I will rerun the scan as the suspect user if you believe this is necessary.


----------



## emeraldnzl (Nov 3, 2007)

Shouldn't matter as long as you scan all drives.


----------

