[Resolved] Alternate Data Stream

  • 9 Replies
  • 3232 Views

Offline -Kim-

  • Bronze Member
  • 6
[Resolved] Alternate Data Stream
« on: June 23, 2010, 01:41:58 AM »
Hello,

Primary Security: Online Armor++ v4.0.0.45
Secondary: Avira(on demand) MBAM(on demand) SpywareBlaster HitmanPro

After running a full scan with OA's check for hidden data streams enabled I got this result.

As you can see, the first 2 and the last 3 detections are legitimate data streams created by Reliability and Performance Monitor; it's the 3rd from the top that is the concern. Things to note are... This is a fresh install of Windows (legit copy) on a new hard drive and it's less than two days old. The first thing I installed after Windows was my firewall and antivirus, so the chances of this being malware are very slight, but nonetheless I would like it confirmed for my own peace of mind. I will now turn it over to the experts, but I have one request.

Could someone please teach me how to identify the creator and owner of the problem file C:\ProgamData\TEMP\SC321E34.tmp? If I had known this technique I think I could have dealt with this problem myself. Thank you for looking in. Kim

Let's squash some Bugs! :w1  :LOL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:15, on 22/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5690 bytes
« Last Edit: June 23, 2010, 05:45:47 PM by Hoov »
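For Kim's request above (how to find out who owns a file and what its alternate data streams contain), the following PowerShell script is an added example; it is not from this thread, from Online Armor or from any other tool named here. It assumes PowerShell 3.0 or later (the -Stream parameter of Get-Item and Get-Content) and uses the thread's file path as the default, with the folder spelled as the OTL log spells it; the file name and path are the only thread-specific values in it.

```powershell
# Added example (not from the thread): list the NTFS alternate data streams of a
# file and the ownership/timestamp facts NTFS actually records about it.
# Requires PowerShell 3.0+ for Get-Item -Stream. Default path is the thread's
# file; pass -Path to inspect another one.
param([string]$Path = 'C:\ProgramData\TEMP\SC321E34.tmp')

function Get-FileStreamReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $item = Get-Item -LiteralPath $Path -Force
    $acl  = Get-Acl  -LiteralPath $Path

    [pscustomobject]@{
        Path        = $item.FullName
        # Owner comes from the file's security descriptor. NTFS stores no
        # record of which *process* created the file, only this SID/account.
        Owner       = $acl.Owner
        Created     = $item.CreationTime
        LastWritten = $item.LastWriteTime
        Attributes  = $item.Attributes
        # ':$DATA' is the normal file content; anything else is an alternate stream.
        Streams     = @(Get-Item -LiteralPath $Path -Stream * -Force |
                        Select-Object Stream, Length)
    }
}

$report = Get-FileStreamReport -Path $Path
$report | Format-List

# Dump the first 16 bytes of every alternate stream as hex so a hidden stream
# can be identified (e.g. an MZ header, text, or zero padding) without running it.
# On PowerShell 7 replace '-Encoding Byte' with '-AsByteStream'.
foreach ($s in $report.Streams | Where-Object { $_.Stream -ne ':$DATA' }) {
    $bytes = Get-Content -LiteralPath $Path -Stream $s.Stream -Encoding Byte -TotalCount 16
    $hex   = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
    '{0,-30} {1,8} bytes  head: {2}' -f $s.Stream, $s.Length, $hex
}
```

Two points a practitioner would want to know. First, the "creator" of a file is not something NTFS records: the owner shown by Get-Acl is whatever account the security descriptor names (on Vista, files created by an elevated process are typically owned by the Administrators group rather than the user), so attributing a file to a particular program after the fact needs either file-system auditing enabled beforehand (an audit SACL on the folder plus the Object Access audit policy, which then logs the writing process in the Security event log) or a live trace from Sysinternals Process Monitor while the file is being written. Second, on Vista and later the built-in `dir /r` in a Command Prompt lists the same streams without PowerShell, which is a quick way to cross-check a scanner's "hidden data stream" finding before deciding whether it is one of the benign Reliability and Performance Monitor streams the first post mentions.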


Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27191
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Alternate Data Stream
« Reply #1 on: June 23, 2010, 05:48:20 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!


Offline -Kim-

  • Bronze Member
  • 6
Re: [In Progress] Alternate Data Stream
« Reply #2 on: June 24, 2010, 02:01:00 AM »
Hello Hoov, thank you for looking into this.

First: Absolutely nothing, I'll let you do your thing.
Second: Will do.
Third: Okay.
Fourth:  :t

OTL logfile created on: 24/06/2010 08:33:54 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Sean\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151.61 Gb Total Space | 97.80 Gb Free Space | 64.51% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 128.15 Gb Free Space | 87.48% Space Free | Partition Type: NTFS
Drive E: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\a2\avgate.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oahlp.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oacat.exe (Tall Emu)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Tall Emu\Online Armor\oawatch.dll (Tall Emu)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\dhcpcsvc6.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (OAcat) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys (Tall Emu)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (pssnap) -- C:\Windows\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 11:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/22 14:53:04 | 000,000,000 | ---D | M]
 
[2010/06/21 15:25:34 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2010/06/24 07:57:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions
[2010/06/21 19:09:47 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/06/21 19:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2010/06/21 19:20:58 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2010/06/21 19:22:12 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/06/24 07:57:38 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/22 12:22:58 | 000,000,000 | ---D | M] (FennecFox) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
[2010/06/21 22:42:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/21 19:16:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\personas@christopher.beard
[2010/06/22 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\rein@notiz.jp
[2010/06/21 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\amyklvaj.default\extensions\tabprogressbar@studio17.wordpress.com
[2010/06/21 15:41:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\e6gv5fv0.default\extensions
[2010/06/21 15:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\e6gv5fv0.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2010/06/21 15:28:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\e6gv5fv0.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/06/21 15:28:05 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\e6gv5fv0.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2010/06/21 15:32:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\e6gv5fv0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/21 15:25:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\PROGRAM FILES\SYSINTERNALS\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/16 23:35:48 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{dd9b6bfe-7d2d-11df-af80-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9b6bfe-7d2d-11df-af80-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2007/07/21 10:23:04 | 000,258,688 | R--- | M] (ArenaNet)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/06/24 08:10:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Reflect
[2010/06/24 08:01:01 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/06/23 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\Hammer stuff
[2010/06/23 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Guild Wars
[2010/06/23 09:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/06/23 09:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2010/06/22 20:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/22 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Help
[2010/06/22 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software
[2010/06/22 14:44:53 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\My Games
[2010/06/22 14:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/22 14:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/22 14:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/22 14:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/22 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Adobe
[2010/06/22 14:22:30 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Warhammer EN
[2010/06/22 13:49:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\SoftMaker
[2010/06/22 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\SoftMaker Viewer
[2010/06/22 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/06/22 11:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010/06/22 11:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/06/22 11:10:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Games for Windows - LIVE Demos
[2010/06/22 11:09:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010/06/22 11:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/06/22 11:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\SySInternals
[2010/06/22 10:47:11 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\vlc
[2010/06/22 10:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/06/22 10:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2010/06/22 10:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2010/06/22 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\OnlineArmor
[2010/06/22 09:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2010/06/22 09:53:31 | 000,225,936 | ---- | C] (Tall Emu) -- C:\Windows\System32\drivers\OADriver.sys
[2010/06/22 09:53:31 | 000,030,584 | ---- | C] (Tall Emu Pty Ltd) -- C:\Windows\System32\drivers\OAnet.sys
[2010/06/22 09:53:31 | 000,024,440 | ---- | C] (Tall Emu) -- C:\Windows\System32\drivers\OAmon.sys
[2010/06/22 09:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2010/06/21 22:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/06/21 22:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/21 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/06/21 22:29:26 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010/06/21 22:29:26 | 001,738,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2010/06/21 22:29:26 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/06/21 22:29:26 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010/06/21 22:29:26 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010/06/21 22:29:26 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/06/21 22:29:25 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010/06/21 22:29:25 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010/06/21 22:29:25 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010/06/21 22:29:25 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010/06/21 22:29:25 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010/06/21 22:29:25 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010/06/21 22:29:24 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010/06/21 22:29:24 | 001,316,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2010/06/21 22:29:24 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010/06/21 22:29:24 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010/06/21 22:29:24 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010/06/21 22:29:24 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2010/06/21 22:29:24 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010/06/21 22:29:24 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010/06/21 22:29:24 | 000,299,424 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/06/21 22:29:24 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010/06/21 22:29:24 | 000,253,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2010/06/21 22:29:24 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2010/06/21 22:29:24 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2010/06/21 22:29:24 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010/06/21 22:29:24 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010/06/21 22:29:24 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010/06/21 22:29:24 | 000,104,720 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010/06/21 22:29:24 | 000,104,208 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010/06/21 22:29:24 | 000,103,184 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010/06/21 22:17:37 | 000,000,000 | ---D | C] -- C:\Users\Sean\{5fafbafb-21f3-4ef6-a3fc-9498589467e9}
[2010/06/21 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Sean\{2e41b9cf-9d1a-459c-b6fb-f4478ccb9155}
[2010/06/21 22:09:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/21 22:08:51 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/06/21 22:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/06/21 22:07:17 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Paint.NET
[2010/06/21 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Macromedia
[2010/06/21 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Adobe
[2010/06/21 22:06:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/06/21 22:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/21 21:27:23 | 000,000,000 | ---D | C] -- C:\Users\Sean\{70898b7e-a492-4d5a-84bd-392292fb93c2}
[2010/06/21 20:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/06/21 20:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/06/21 20:53:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/06/21 20:51:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2010/06/21 20:39:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/06/21 20:11:18 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Avira
[2010/06/21 20:08:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/06/21 20:08:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/06/21 20:08:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/06/21 20:08:14 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/06/21 20:08:14 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/06/21 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/06/21 20:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/21 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes
[2010/06/21 19:49:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/21 19:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/21 19:49:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/21 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 19:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\RapidShare
[2010/06/21 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Deployment
[2010/06/21 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Apps
[2010/06/21 16:19:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
[2010/06/21 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2010/06/21 16:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010/06/21 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\BuildAGadget Content
[2010/06/21 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Windows SideBar
[2010/06/21 15:50:17 | 000,000,000 | R-SD | C] -- C:\Users\Sean\Documents\My Stationery
[2010/06/21 15:25:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Mozilla
[2010/06/21 15:25:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Mozilla
[2010/06/21 15:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/21 15:05:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/21 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Sean\{2e8ec121-9889-4c22-a38f-32724ab9c1cd}
[2010/06/21 14:55:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/21 14:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/06/21 14:55:40 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/06/21 14:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/21 14:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/06/21 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Leadertech
[2010/06/21 14:52:10 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010/06/21 14:51:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010/06/21 14:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010/06/21 14:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/06/21 14:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/06/21 14:49:39 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Logitech
[2010/06/21 14:49:39 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Logishrd
[2010/06/21 14:43:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\ATI
[2010/06/21 14:43:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\ATI
[2010/06/21 14:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/06/21 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/06/21 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/06/21 14:29:44 | 000,000,000 | ---D | C] -- C:\Users\Sean\Tracing
[2010/06/21 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/21 14:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/06/21 14:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/21 14:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/21 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/21 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/21 14:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/21 14:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/21 14:23:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/06/21 14:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/21 14:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/06/21 14:08:50 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/21 13:57:30 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\WindowsUpdate
[2010/06/21 13:53:17 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Auslogics
[2010/06/21 13:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/06/21 13:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/21 13:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/21 13:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/21 13:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/06/21 13:19:36 | 000,000,000 | R--D | C] -- C:\Users\Sean\Searches
[2010/06/21 13:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Identities
[2010/06/21 13:19:27 | 000,000,000 | R--D | C] -- C:\Users\Sean\Contacts
[2010/06/21 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\VirtualStore
[2010/06/21 13:19:24 | 000,000,000 | --SD | C] -- C:\Users\Sean\AppData\Roaming\Microsoft
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Videos
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Saved Games
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Pictures
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Music
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Links
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Favorites
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Downloads
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Documents
[2010/06/21 13:19:24 | 000,000,000 | R--D | C] -- C:\Users\Sean\Desktop
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\AppData\Local\Temporary Internet Files
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Templates
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Start Menu
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\SendTo
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Recent
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\PrintHood
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\NetHood
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Documents\My Videos
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Documents\My Pictures
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Documents\My Music
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\My Documents
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Local Settings
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\AppData\Local\History
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Cookies
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\Application Data
[2010/06/21 13:19:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\AppData\Local\Application Data
[2010/06/21 13:19:24 | 000,000,000 | -H-D | C] -- C:\Users\Sean\AppData
[2010/06/21 13:19:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Temp
[2010/06/21 13:19:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Microsoft
[2010/06/21 13:19:24 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Media Center Programs
[2010/06/21 13:16:15 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/06/21 13:12:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/21 13:09:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/21 13:09:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/28 12:04:52 | 000,014,896 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys
[2010/05/27 17:59:54 | 000,376,832 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010/05/27 17:59:30 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010/05/27 17:58:10 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/05/27 17:58:04 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/05/27 17:35:16 | 000,050,176 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2010/05/06 10:21:36 | 000,105,488 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys
[2010/04/28 23:29:24 | 000,053,328 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\LMouFiltCoInst.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010/06/24 08:33:52 | 003,145,728 | -HS- | M] () -- C:\Users\Sean\ntuser.dat
[2010/06/24 08:11:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/24 08:01:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/06/24 07:59:38 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{829E013F-78E3-4193-AE9B-6CCD9734009E}.job
[2010/06/24 07:57:04 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/24 07:57:04 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/24 07:57:04 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/24 07:50:01 | 000,524,288 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/24 07:50:01 | 000,065,536 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/24 07:49:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/24 07:49:38 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 07:49:38 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 07:49:11 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 23:25:37 | 004,120,780 | -H-- | M] () -- C:\Users\Sean\AppData\Local\IconCache.db
[2010/06/22 16:38:56 | 000,225,936 | ---- | M] (Tall Emu) -- C:\Windows\System32\drivers\OADriver.sys
[2010/06/22 14:23:54 | 000,206,361 | ---- | M] () -- C:\Users\Sean\Documents\Caiphas Cain I For The Emperor.pdf
[2010/06/22 11:54:17 | 000,000,804 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2010/06/22 11:53:58 | 000,000,846 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2010/06/21 22:31:55 | 000,000,680 | ---- | M] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat
[2010/06/21 22:11:26 | 000,003,584 | ---- | M] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 20:57:00 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/21 20:52:19 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010/06/21 18:12:43 | 000,049,168 | ---- | M] () -- C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/21 13:25:22 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/06/21 13:24:32 | 000,524,288 | -HS- | M] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 13:19:24 | 000,000,020 | -HS- | M] () -- C:\Users\Sean\ntuser.ini
[2010/06/21 13:13:37 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/28 12:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys
[2010/05/27 18:03:08 | 000,057,480 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010/05/27 17:58:32 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010/05/27 17:58:18 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/05/27 17:58:10 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/05/27 17:58:04 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/05/27 17:57:58 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/05/27 17:35:16 | 000,050,176 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2010/05/27 17:31:14 | 000,534,960 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2010/05/27 17:24:24 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/14 15:21:08 | 000,103,184 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010/05/14 10:04:40 | 000,104,720 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010/05/13 22:28:30 | 000,104,208 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010/05/06 17:35:18 | 000,253,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2010/05/06 17:35:14 | 000,252,760 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2010/05/06 16:42:58 | 001,316,184 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2010/05/06 16:42:48 | 001,738,072 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2010/05/06 10:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys
[2010/05/04 19:35:38 | 000,021,360 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/05/04 03:58:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2010/04/29 16:37:26 | 000,002,137 | ---- | M] () -- C:\Windows\System32\atipblag.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 23:29:24 | 000,053,328 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\LMouFiltCoInst.dll
[2010/04/27 13:50:10 | 000,299,424 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010/04/20 04:13:30 | 000,024,440 | ---- | M] (Tall Emu) -- C:\Windows\System32\drivers\OAmon.sys
[2010/04/20 04:13:18 | 000,030,584 | ---- | M] (Tall Emu Pty Ltd) -- C:\Windows\System32\drivers\OAnet.sys
[2010/04/14 17:55:20 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010/04/06 18:54:32 | 000,203,336 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
 
========== Files Created - No Company Name ==========
 
[2010/06/22 14:23:52 | 000,206,361 | ---- | C] () -- C:\Users\Sean\Documents\Caiphas Cain I For The Emperor.pdf
[2010/06/22 13:49:06 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010/06/22 13:43:47 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/06/22 11:54:17 | 000,000,804 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2010/06/22 11:53:58 | 000,000,846 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\firefox - Shortcut.lnk
[2010/06/21 22:38:48 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{829E013F-78E3-4193-AE9B-6CCD9734009E}.job
[2010/06/21 22:32:58 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/21 22:11:23 | 000,003,584 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 22:08:51 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2010/06/21 20:42:01 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/06/21 20:41:57 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/06/21 20:41:57 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/06/21 20:41:43 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/06/21 20:41:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/21 20:41:39 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/06/21 20:41:02 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/06/21 20:41:01 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/06/21 20:40:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/21 20:40:53 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/06/21 20:40:53 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/06/21 20:40:49 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/06/21 18:31:08 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/06/21 17:37:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/06/21 17:37:57 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/06/21 17:05:28 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/06/21 13:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/21 13:19:25 | 000,000,680 | ---- | C] () -- C:\Users\Sean\AppData\Local\d3d9caps.dat
[2010/06/21 13:19:24 | 003,145,728 | -HS- | C] () -- C:\Users\Sean\ntuser.dat
[2010/06/21 13:19:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/06/21 13:19:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/21 13:19:24 | 000,262,144 | -H-- | C] () -- C:\Users\Sean\ntuser.dat.LOG1
[2010/06/21 13:19:24 | 000,065,536 | -HS- | C] () -- C:\Users\Sean\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/21 13:19:24 | 000,000,020 | -HS- | C] () -- C:\Users\Sean\ntuser.ini
[2010/06/21 13:19:24 | 000,000,000 | -H-- | C] () -- C:\Users\Sean\ntuser.dat.LOG2
[2010/05/27 18:03:08 | 000,057,480 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2010/05/27 17:31:14 | 000,534,960 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010/05/27 17:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/04 19:35:38 | 000,021,360 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/04/29 16:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/06 18:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010/06/21 13:53:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Auslogics
[2010/06/21 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Leadertech
[2010/06/22 09:54:11 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\OnlineArmor
[2010/06/21 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows SideBar
[2010/06/23 23:25:47 | 000,012,152 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/24 07:59:38 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{829E013F-78E3-4193-AE9B-6CCD9734009E}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

-Kim-
Re: [In Progress] ALternate Data Stream
« Reply #3 on: June 24, 2010, 02:11:15 AM »
OTL Extras logfile created on: 24/06/2010 08:33:54 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Sean\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151.61 Gb Total Space | 97.80 Gb Free Space | 64.51% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 128.15 Gb Free Space | 87.48% Space Free | Partition Type: NTFS
Drive E: | 4.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E4ACB0D8-A32F-4B81-95F1-D1512390FE71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E597BA47-3B7D-4DE5-AF3C-4CE3E774DC94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F590D50-A89C-4F95-BAEF-48B4CB1E69B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{35596138-569C-4B33-94D6-BEA6C3B0DAAA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{3A2A0287-3332-4D74-80DF-3970349C7C1A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{753A41E4-61B8-4510-9379-5CB0EA1D4AE8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{867ED9E1-895C-4E5E-9255-8900174E13D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9294BDDB-D860-4FE6-AD26-470ACFD12B35}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A4457B6F-271A-42A3-B736-3ADE139C336C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F0A73B4-6187-3CE7-B07A-807BC8F28B4F}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2212E17D-2931-5F26-9213-00EEC82C7EF0}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{503231D1-3A81-69DC-A95D-5273AB7A1CCC}" = Catalyst Control Center Graphics Previews Vista
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EA5CBF8-DFF4-5C69-9434-F87F8C21293C}" = Catalyst Control Center Graphics Previews Common
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 4.95
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1E480F4-805E-AE2D-5F83-FC7618F47046}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B883FC57-818A-2C84-34CF-917B3C56C85B}" = CCC Help English
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB35267F-B5C6-495C-8407-75ADC34E759D}" = Macrium Reflect - Free Edition
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FD423BBD-8095-D342-F496-59D7C22FD581}" = ATI Catalyst Install Manager
"7-Zip" = 7-Zip 9.15 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Guild Wars" = Guild Wars
"HijackThis" = HijackThis 2.0.2
"IconPackager" = IconPackager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OnlineArmor_is1" = Online Armor 4.0
"Revo Uninstaller" = Revo Uninstaller 1.88
"Secunia PSI" = Secunia PSI
"SP6" = Logitech SetPoint 6.1
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"TextMaker Viewer" = TextMaker Viewer
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22/06/2010 06:09:50 | Computer Name = Sean-PC | Source = VSS | ID = 8194
Description =
 
Error - 22/06/2010 06:10:05 | Computer Name = Sean-PC | Source = System Restore | ID = 8193
Description =
 
Error - 22/06/2010 09:42:59 | Computer Name = Sean-PC | Source = VSS | ID = 8194
Description =
 
Error - 22/06/2010 09:43:45 | Computer Name = Sean-PC | Source = System Restore | ID = 8193
Description =
 
Error - 22/06/2010 11:20:52 | Computer Name = Sean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/06/2010 11:49:21 | Computer Name = Sean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/06/2010 15:52:31 | Computer Name = Sean-PC | Source = VSS | ID = 8194
Description =
 
Error - 23/06/2010 02:29:17 | Computer Name = Sean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23/06/2010 09:34:10 | Computer Name = Sean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24/06/2010 02:50:52 | Computer Name = Sean-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 21/06/2010 12:57:11 | Computer Name = Sean-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 21/06/2010 13:02:52 | Computer Name = Sean-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
 
Error - 21/06/2010 13:03:24 | Computer Name = Sean-PC | Source = HTTP | ID = 15016
Description =
 
Error - 21/06/2010 13:05:46 | Computer Name = Sean-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =
 
Error - 21/06/2010 13:06:40 | Computer Name = Sean-PC | Source = HTTP | ID = 15016
Description =
 
 
< End of report >

I like that tool indeed, very thorough; that's minimal output! Oh dear god, what's normal. Interesting it has flagged the same alternate data stream. Hoov, I see you are in the States, and I'm in the UK (which of course you can see from OTL), so our sessions may be a little disjointed.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27191
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Alternate Data Stream
« Reply #4 on: June 24, 2010, 10:28:54 AM »
No worries.

Download this program and run it. Uncheck the Quick Check checkbox, then you can click on the Scan System button and it will scan your computer for Alternate Data Stream files. Select the ones you would like to delete (this one, C:\ProgramData\TEMP:5C321E34), and press the Remove button.

Once you have done that, run an OTL scan again and let me know if the ADS file is gone. Or if you get an error somewhere, let me know what the error is.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
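An added example, not from the thread and not the ADS scanner Hoov links to: a PowerShell 3.0+ script that lists the named (alternate) NTFS streams under a directory together with the owner of the host file or directory, which is the "owner" part of Kim's question. The root path, the allowlist of expected streams and the function name are assumptions for illustration.

```powershell
# Added example, not from the thread or from the ADS scanner linked above.
# Lists named (alternate) NTFS data streams under a directory with PowerShell 3.0+.
# $Root, the allowlist and the function name are assumptions for illustration.

function Get-NamedStream {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Streams expected on a normal system and not worth reporting:
        # ':$DATA' is the unnamed main stream every file has, Zone.Identifier is
        # the mark-of-the-web that browsers and download managers write.
        [string[]] $Expected = @(':$DATA', 'Zone.Identifier')
    )

    # -Force includes hidden/system entries; the root itself is included because
    # a directory can carry an ADS too (the thread's C:\ProgramData\TEMP:5C321E34
    # hangs off the TEMP directory, not off a file inside it).
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Force -Recurse -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # -Stream * enumerates every data stream of the file or directory.
        # Directory support varies by PowerShell version; on older builds
        # 'cmd /c dir /r <path>' also shows streams attached to directories.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $Expected -notcontains $_.Stream }
        foreach ($s in $streams) {
            # Get-Acl reports the owner of the host object; NTFS keeps no
            # separate owner or creator record for an individual stream.
            $owner = (Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue).Owner
            [pscustomobject]@{
                Path          = $item.FullName
                Stream        = $s.Stream
                Bytes         = $s.Length
                Owner         = $owner
                LastWriteTime = $item.LastWriteTime
            }
        }
    }
}

# Scan the directory from the thread and show the result as a table.
Get-NamedStream -Root 'C:\ProgramData\TEMP' | Sort-Object Path, Stream | Format-Table -AutoSize
```

`Remove-Item -LiteralPath <path> -Stream <name>` deletes a single stream without deleting the host file or directory, so a suspect stream can be removed on its own once it has been identified.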

*

Offline -Kim-

  • Bronze Member
  • 6
Re: [In Progress] Alternate Data Stream
« Reply #5 on: June 24, 2010, 12:20:21 PM »
I ran the scan you asked for, Hoov; got good and bad news, I think.

Bad

The good news, I think, is http://www.wilderssecurity.com/showthread.php?t=218483. I found this while researching the problem; I don't know why, but when I checked Google before I didn't get this result. So, I suggest we suspend this topic. I have created a thread asking if the file is indeed created by SpywareBlaster, and will let you know what response I get.

The above seems to make the most sense; as I said, it was a clean install of Windows and I do and did indeed have SpywareBlaster installed. Let's cross our fingers we get the response I want.

Kim.

*

Offline -Kim-

  • Bronze Member
  • 6
Re: [In Progress] Alternate Data Stream
« Reply #6 on: June 24, 2010, 02:17:03 PM »
Hoov, this one can be marked as resolved. While I haven't got official word yet, I'm satisfied that it is a false positive. Thank you for your time and effort; it was much appreciated. If you would like to know how I confirmed it, you can read this thread.

http://www.wilderssecurity.com/showthread.php?t=275650

Sorry about the double post, I couldn't edit :r  :LOL

Goodbye and keep up the good fight!
Kim.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27191
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Alternate Data Stream
« Reply #7 on: June 24, 2010, 02:52:27 PM »
If you are still unsure, there is a way to check it. Turn off SpywareBlaster and then delete the file. If you can delete it only when SpywareBlaster is turned off, then it is part of SpywareBlaster.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline -Kim-

  • Bronze Member
  • 6
Re: [In Progress] Alternate Data Stream
« Reply #8 on: June 25, 2010, 02:38:02 AM »
Yep Hoov, if you check the thread I posted you will see I did exactly what you suggested; I'm 100% convinced it's a false positive. All I needed was a piece of software to monitor 5C321E34.tmp to see what program interacted with it. Filechecker by Javacool looked to have all the features I needed, but unfortunately it doesn't appear to support ADSs. Know of something else that can?

Thanks again.

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27191
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Alternate Data Stream
« Reply #9 on: June 25, 2010, 11:44:02 AM »
Process Explorer may do the trick. Not sure.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!