OTL logfile created on: 9/4/2009 1:44:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Rory\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 39.85% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107.07 Gb Total Space | 8.78 Gb Free Space | 8.20% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 27.94 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 931.51 Gb Total Space | 536.86 Gb Free Space | 57.63% Space Free | Partition Type: NTFS

Computer Name: CHARLES-FAM-PC
Current User Name: Rory
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 08:33:32 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Taskmgr.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/04 20:00:54 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/04 13:34:10 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Downloads\OTL(2).exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
SRV - [2007/04/17 19:17:48 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2008/01/19 08:33:43 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc [Disabled | Running])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2009/08/22 12:20:23 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Disabled | Stopped])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Disabled | Stopped])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Disabled | Running])
SRV - [2009/08/15 12:37:48 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Disabled | Stopped])
SRV - [2009/02/06 19:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [Disabled | Stopped])
SRV - [2008/10/16 19:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [Disabled | Running])
SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Disabled | Running])
SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Disabled | Running])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2003/08/29 14:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS [Disabled | Stopped])
SRV - [2008/12/16 22:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Disabled | Stopped])
SRV - [2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Disabled | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [Disabled | Stopped])
SRV - [2009/06/22 16:44:00 | 03,087,772 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Disabled | Running])
SRV - File not found -- -- (PnkBstrA [Disabled | Stopped])
SRV - File not found -- -- (PnkBstrB [Disabled | Stopped])
SRV - [2008/12/11 15:53:38 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv [Disabled | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Disabled | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [Disabled | Stopped])
SRV - [2007/06/07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2 [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Disabled | Stopped])
SRV - [2008/08/07 01:20:20 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [Disabled | Stopped])
SRV - [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Disabled | Stopped])
SRV - [2009/08/07 15:31:40 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Disabled | Stopped])
SRV - [2008/08/30 15:04:08 | 01,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service [Disabled | Stopped])
SRV - [2008/01/19 08:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC [Disabled | Running])
SRV - [2008/01/19 08:34:32 | 00,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS [Disabled | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Disabled | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/09 21:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/19 11:22:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/07 21:27:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:29:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/19 20:52:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/20 14:46:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 19:21:29 | 00,000,000 | ---D | M]

[2009/07/17 17:57:37 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions
[2009/07/17 17:57:37 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/05 15:34:12 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/09/04 03:41:44 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Firefox\Profiles\ujc0u7nr.default\extensions
[2009/09/02 22:34:04 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\mozilla\Firefox\Profiles\ujc0u7nr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/04 03:41:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 20:00:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/01 01:23:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/10/27 21:45:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/04/16 19:17:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/03 18:58:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/04 20:00:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:00:53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/09/03 18:58:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/11/29 23:28:06 | 01,334,576 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/11/29 23:28:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/07/02 23:20:48 | 00,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/04 20:00:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/07 21:27:01 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/01/07 21:27:12 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/01/07 21:26:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/15 19:50:22 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/07/15 19:50:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 19:50:22 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/07/15 19:50:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 19:50:22 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/03 17:52:31 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/08/03 17:52:32 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/07/15 19:50:22 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 19:50:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 19:50:22 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (307278 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10578 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware2\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: gscdn.com ([rfonline-full] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/01 13:32:27 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/23 23:17:17 | 00,000,045 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0c12f058-665e-11de-b0d6-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{0c12f058-665e-11de-b0d6-0019d12de0d1}\Shell\AutoRun\command - "" = N:\TotalLock.exe -- File not found
O33 - MountPoints2\{338512fa-819a-11dd-8032-0019d12de0d1}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{41d22201-cf97-11dd-a675-0019d12de0d1}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\AutoRun\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\configure\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{57f440ec-865d-11dc-b14f-0019d12de0d1}\Shell\install\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\{7056251a-632f-11dd-951a-0019d12de0d1}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{7056251a-632f-11dd-951a-0019d12de0d1}\Shell\open\Command - "" = rundll32.exe .\\tobhbios.dll,InstallM
O33 - MountPoints2\{70ceb79f-7cf8-11dc-90af-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{70ceb79f-7cf8-11dc-90af-0019d12de0d1}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ffb42e8-be0e-11dd-a665-0019d12de0d1}\Shell - "" = AutoRun
O33 - MountPoints2\{9ffb42e8-be0e-11dd-a665-0019d12de0d1}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ce7093e4-4a9c-11dd-b855-0019d12de0d1}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/09/04 13:35:04 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 13:35:02 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/04 13:35:01 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/04 13:35:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/09/04 13:32:41 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/09/04 13:21:33 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/04 05:23:31 | 00,359,932 | ---- | C] () -- C:\Users\Rory\Desktop\dds.scr
[2009/09/04 05:18:13 | 00,288,768 | ---- | C] () -- C:\Users\Rory\Desktop\gmer.exe
[2009/09/04 05:14:17 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/09/04 05:13:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/04 05:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/09/04 04:59:49 | 04,208,640 | -H-- | C] () -- C:\Users\Rory\AppData\Local\IconCache.db
[2009/09/04 04:33:45 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/09/04 04:26:53 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/09/04 04:12:41 | 00,000,048 | ---- | C] () -- C:\boot.ini
[2009/09/04 04:01:55 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Malwarebytes
[2009/09/04 04:01:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/04 03:52:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/09/04 03:50:33 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\SUPERAntiSpyware.com
[2009/09/04 03:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/04 03:36:32 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/04 03:27:57 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/09/04 03:23:30 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/09/04 03:22:34 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/04 03:22:33 | 00,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/04 03:22:15 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/04 00:26:40 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Artisteer
[2009/09/04 00:21:57 | 00,000,238 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 00:21:51 | 00,000,278 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/03 18:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/09/03 14:48:24 | 00,000,000 | ---D | C] -- C:\Windows\E31C348B63A94CBF8D7FD932ABB63244.TMP
[2009/08/31 16:48:53 | 06,199,620 | ---- | C] () -- C:\Users\Rory\Desktop\Andy C - Roll On.mp3
[2009/08/31 01:59:23 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\foobar2000
[2009/08/31 01:59:02 | 00,000,828 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2009/08/31 01:59:01 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2009/08/30 10:18:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/30 02:17:32 | 03,087,772 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009/08/27 19:22:29 | 00,131,072 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2kfNT.sys
[2009/08/27 19:22:29 | 00,079,104 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\Mkd2Nadr.sys
[2009/08/27 19:20:56 | 00,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2009/08/27 02:37:50 | 00,000,783 | ---- | C] () -- C:\Users\Rory\Desktop\MapleStory Europe.lnk
[2009/08/27 01:08:47 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/08/27 01:08:46 | 00,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2009/08/24 12:25:00 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\Red Kawa
[2009/08/23 16:16:26 | 00,000,000 | ---D | C] -- C:\Users\Rory\AppData\Roaming\avidemux
[2009/08/23 16:12:03 | 00,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[3 C:\Windows\System32\*.tmp files]
[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/09/04 13:35:04 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 13:32:41 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/09/04 13:05:08 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/04 13:05:08 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/04 13:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/04 13:00:01 | 00,000,238 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 08:13:36 | 40,589,153 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/09/04 05:28:48 | 00,359,932 | ---- | M] () -- C:\Users\Rory\Desktop\dds.scr
[2009/09/04 05:18:14 | 00,288,768 | ---- | M] () -- C:\Users\Rory\Desktop\gmer.exe
[2009/09/04 05:05:33 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/04 05:04:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/04 04:59:49 | 04,208,640 | -H-- | M] () -- C:\Users\Rory\AppData\Local\IconCache.db
[2009/09/04 04:14:46 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/04 04:12:41 | 00,000,048 | ---- | M] () -- C:\boot.ini
[2009/09/04 03:22:33 | 00,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/09/04 02:37:43 | 00,183,296 | ---- | M] () -- C:\Users\Rory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 00:46:29 | 00,731,074 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/04 00:46:29 | 00,626,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/04 00:46:29 | 00,109,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/03 23:00:46 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1B898F3-48E5-4876-B647-9B59CD0DF168}.job
[2009/09/03 22:59:12 | 00,000,518 | ---- | M] () -- C:\Windows\ulead32.ini
[2009/09/02 23:40:50 | 00,076,683 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/31 16:49:08 | 06,199,620 | ---- | M] () -- C:\Users\Rory\Desktop\Andy C - Roll On.mp3
[2009/08/31 01:59:02 | 00,000,828 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2009/08/28 23:39:08 | 00,000,312 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job
[2009/08/27 02:37:50 | 00,000,783 | ---- | M] () -- C:\Users\Rory\Desktop\MapleStory Europe.lnk
[2009/08/27 01:08:46 | 00,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2009/08/25 16:12:31 | 00,000,661 | ---- | M] () -- C:\Users\Rory\Desktop\EpicRFOnline.lnk
[2009/08/23 16:12:03 | 00,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk
[2009/08/22 12:20:51 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/22 12:20:51 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/22 12:20:50 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[color=#E56717]========== LOP Check ==========[/color]
[2009/09/04 04:01:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming
[2007/09/01 16:02:22 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ahead
[2009/09/04 00:26:40 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Artisteer
[2009/08/23 16:24:18 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\avidemux
[2007/08/26 19:38:27 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Azureus
[2007/11/23 01:15:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\BearShare
[2007/06/10 01:46:52 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/11/23 14:42:07 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\DAEMON Tools
[2009/06/27 11:20:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\DNA
[2007/07/02 23:01:56 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Dynamic
[2007/07/09 02:42:30 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\FlashGet
[2008/07/06 00:53:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\FLV Extract
[2009/08/31 03:24:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\foobar2000
[2009/09/04 05:07:08 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Gmote
[2008/02/10 16:06:06 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Hamachi
[2008/06/04 16:56:57 | 00,000,000 | -H-D | M] -- C:\Users\Rory\AppData\Roaming\ijjigame
[2009/08/12 19:34:49 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Image Zone Express
[2008/05/26 23:04:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\LimeWire
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Media Center Programs
[2007/08/18 12:28:21 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\MP3Rocket
[2009/01/19 23:00:45 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Nokia
[2009/01/19 23:13:16 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Nseries
[2008/03/06 05:54:14 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\OpenOffice.org2
[2007/07/24 00:51:55 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Opera
[2009/01/19 21:28:22 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\PC Suite
[2008/08/27 21:30:44 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\PeerNetworking
[2007/05/17 20:07:40 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Printer Info Cache
[2009/08/24 12:25:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Red Kawa
[2007/04/15 13:42:29 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Screenshot Sender
[2007/06/10 01:30:03 | 00,000,000 | RH-D | M] -- C:\Users\Rory\AppData\Roaming\SecuROM
[2008/02/07 01:43:27 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SiteClasses
[2008/02/03 13:15:13 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sites
[2007/10/21 20:41:23 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Sports Interactive
[2008/02/17 19:27:32 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SSH
[2007/12/20 20:06:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SystemRequirementsLab
[2008/07/05 15:34:11 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TomTom
[2008/11/29 18:02:47 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\U3
[2007/05/25 03:02:03 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ulead Systems
[2009/09/04 03:07:00 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\uTorrent
[2009/06/29 22:44:45 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Ventrilo
[2007/12/27 22:11:29 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\vmntoolbar
[2008/01/16 18:32:33 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\VoipCheapCom
[2008/02/07 21:05:51 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Vso
[2009/06/25 19:35:59 | 00,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Xfire
[2009/09/04 04:14:46 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/09/04 05:05:33 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/04 05:00:08 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/09/03 23:00:46 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F1B898F3-48E5-4876-B647-9B59CD0DF168}.job
[2009/08/28 23:39:08 | 00,000,312 | ---- | M] () -- C:\Windows\Tasks\WebReg HP Photosmart C4500 series.job
[2009/09/04 13:00:01 | 00,000,238 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/04 13:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color]
[2008/01/19 08:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
[3 C:\Windows\system32\*.tmp files]
[color=#A23BEC]< %systemroot%\netlogon.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color]
[2006/11/02 10:46:03 | 00,061,952 | ---- | M] () -- C:\Windows\system32\cngaudit.dll
[3 C:\Windows\system32\*.tmp files]
[color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color]
[color=#A23BEC]< %systemroot%\ntelogon.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color]
[2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\logevent.dll
[3 C:\Windows\system32\*.tmp files]
< End of report >