OTS logfile created on: 28/05/2010 22:05:34 - Run 1
OTS by OldTimer - Version 3.1.31.0 Folder = C:\Users\Armstrongs\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.68 Gb Total Space | 188.40 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive D: | 14.08 Gb Total Space | 1.98 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
Drive E: | 3.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ARMSTRONGS-PC
Current User Name: Armstrongs
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.exe -> C:\Users\Armstrongs\Desktop\OTS.exe -> [2010/05/28 22:02:08 | 000,640,000 | ---- | M] (OldTimer Tools)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe -> [2010/04/21 08:52:05 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/01 22:29:14 | 000,908,248 | ---- | M] (Mozilla Corporation)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/17 09:45:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files (x86)\AVG\AVG9\avgemc.exe -> [2010/03/17 09:45:21 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) avgcsrvx.exe -> C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe -> [2010/03/17 09:45:19 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) mailwasher.exe -> C:\Program Files (x86)\FireTrust\MailWasher Pro\MailWasher.exe -> [2009/10/23 10:56:18 | 019,291,304 | ---- | M] (Firetrust Ltd) iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) gbmagent.exe -> C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe -> [2008/07/28 10:05:02 | 000,189,056 | ---- | M] (Genie-soft) photoshopelementsfileagent.exe -> C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () tabtip32.exe -> C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe -> [2006/11/02 16:04:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Modules - Safe List] ots.exe -> C:\Users\Armstrongs\Desktop\OTS.exe -> [2010/05/28 22:02:08 | 000,640,000 | ---- | M] (OldTimer Tools) wininet.dll -> C:\Windows\SysWOW64\wininet.dll -> [2010/03/09 17:28:40 | 000,833,024 | ---- | M] (Microsoft Corporation) tiptsf.dll -> C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll -> [2008/01/21 03:52:09 | 000,380,416 | ---- | M] (Microsoft Corporation) comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2008/01/21 03:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) msscript.ocx -> C:\Windows\SysWOW64\msscript.ocx -> [2008/01/21 03:50:01 | 000,110,592 | ---- | M] (Microsoft 
Corporation) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/21 03:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) normaliz.dll -> C:\Windows\SysWOW64\normaliz.dll -> [2006/11/02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] 64bit-(RCVistaSvc) [Auto | Running] -> C:\Program Files\Max Registry Cleaner\RCVistaService.exe -> [2010/02/11 22:47:48 | 002,289,096 | ---- | M] (Max Secure Software) 64bit-(TabletServicePen) [Auto | Running] -> C:\Windows\SysNative\Pen_Tablet.exe -> [2008/05/01 23:37:30 | 004,510,504 | ---- | M] () 64bit-(ezSharedSvc) [Auto | Running] -> C:\Windows\SysNative\svchost.exe -> [2008/01/21 03:50:24 | 000,027,648 | ---- | M] () 64bit-(WinDefend) [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) (avg9wd) AVG Free WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -> [2010/03/17 09:45:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) (avg9emc) AVG Free E-mail Scanner [Auto | Running] -> C:\Program Files (x86)\AVG\AVG9\avgemc.exe -> [2010/03/17 09:45:21 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/09/19 09:53:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) (ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\SysWOW64\ezsvc7.dll -> [2009/01/04 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) (GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2008/12/09 03:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) 
(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) (clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 19:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) (AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Auto | Running] -> C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () (MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 14:34:14 | 000,000,000 | ---D | M] (vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 07:35:15 | 000,060,994 | ---- | M] () (VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 07:35:15 | 000,055,846 | ---- | M] () [Driver Services - Safe List] 64bit-(AvgTdiA) AVG Free8 Network Redirector x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgtdia.sys -> [2010/04/21 08:52:03 | 000,317,520 | ---- | M] () 64bit-(AvgMfx64) AVG Free On-access Scanner Minifilter Driver x64 [File_System | System | Running] -> C:\Windows\SysNative\Drivers\avgmfx64.sys -> [2010/03/17 09:45:51 | 000,035,464 | ---- | M] () 64bit-(AvgLdx64) AVG Free AVI Loader Driver x64 [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\avgldx64.sys -> [2010/03/17 09:45:21 | 000,269,320 | ---- | M] () 64bit-(USBAAPL64) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> 
C:\Windows\SysNative\Drivers\usbaapl64.sys -> [2009/08/28 19:42:52 | 000,049,152 | ---- | M] () 64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -> [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () 64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\igdkmd64.sys -> [2009/02/26 12:46:34 | 010,276,352 | ---- | M] () 64bit-(PCDSRVC{F36B3A4C-F95654BD-06000000}_0) PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -> [2009/02/02 19:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) 64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2009/01/20 15:49:48 | 000,195,584 | ---- | M] () 64bit-(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iastor.sys -> [2008/12/04 13:48:52 | 000,407,064 | ---- | M] () 64bit-(wacmoumonitor) Wacom Mode Helper [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -> [2008/03/17 21:08:08 | 000,017,192 | ---- | M] () 64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/21 03:47:28 | 000,046,080 | ---- | M] () 64bit-(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wacomvhid.sys -> [2008/01/15 21:11:40 | 000,015,272 | ---- | M] () 64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2007/12/20 03:00:00 | 000,054,480 | ---- | M] () 64bit-(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -> [2007/02/16 20:12:36 | 000,012,848 | ---- | M] () 64bit-(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\WacomVKHid.sys -> [2007/02/16 
01:11:26 | 000,012,976 | ---- | M] () (WimFltr) WimFltr [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\WimFltr.sys -> [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) (Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 22:36:40 | 000,003,066 | ---- | M] () (mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 22:35:23 | 000,001,088 | ---- | M] () (pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\pfc.sys -> [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Presario&pf=cndt -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Presario&pf=cndt -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Presario&pf=cndt -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=Presario&pf=cndt -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: Main\\"Start Page" -> http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: "ProxyEnable" -> 1 -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: "ProxyOverride" -> -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\: "ProxyServer" -> http=127.0.0.1:5555 -> < FireFox Settings [Prefs.js] > -> C:\Users\Armstrongs\AppData\Roaming\Mozilla\FireFox\Profiles\sgfv0b7t.default\prefs.js -> browser.search.defaultenginename -> "eSnips Search" -> browser.search.order.1 -> "eSnips Search" -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage -> "http://www.google.co.uk/" -> extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812 -> keyword.URL -> "http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files (x86)\AVG\AVG9\Firefox [C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX] -> [2010/04/22 08:37:46 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/01 22:29:21 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA 
FIREFOX\PLUGINS] -> [2010/04/22 12:05:37 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions -> -> HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components -> C:\Program Files (x86)\Mozilla Thunderbird\components [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/04/22 10:30:37 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Armstrongs\AppData\Roaming\Mozilla\Extensions -> [2010/04/22 10:30:47 | 000,000,000 | ---D | M] No name found -> C:\Users\Armstrongs\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/04/22 10:30:47 | 000,000,000 | ---D | M] -> C:\Users\Armstrongs\AppData\Roaming\Mozilla\Firefox\Profiles\sgfv0b7t.default\extensions -> [2010/05/27 22:23:20 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Users\Armstrongs\AppData\Roaming\Mozilla\Firefox\Profiles\sgfv0b7t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/17 14:53:16 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/06 15:31:05 | 000,000,000 | ---D | M] < HOSTS File > ([2009/10/14 14:57:02 | 000,000,789 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 www.fanfiction.net < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\avgssiea.dll [AVG Safe Search] -> [2010/04/21 08:52:03 | 002,317,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/04/21 08:52:03 | 001,615,200 | ---- | M] (AVG Technologies CZ, s.r.o.) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2008/03/03 17:06:00 | 002,114,376 | ---- | M] (CANON INC.) "CanonSolutionMenu" -> C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe ["C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon] -> [2008/03/10 17:20:00 | 000,689,488 | ---- | M] (CANON INC.) 
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2009/03/05 13:24:16 | 000,227,352 | ---- | M] () "IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe ["C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"] -> [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2009/03/05 13:24:28 | 000,154,648 | ---- | M] () "Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2009/03/05 13:24:24 | 000,202,264 | ---- | M] () "RCAutoLiveUpdate" -> C:\Program Files\Max Registry Cleaner\MaxLURC.exe [C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO] -> [2010/02/11 22:47:44 | 001,471,944 | ---- | M] (Max Secure Software) "RCSystemTray" -> C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe [C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe] -> [2010/02/11 22:47:46 | 001,138,120 | ---- | M] (Max Secure Software www.maxpcsecure.com) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/21 03:47:32 | 001,584,184 | ---- | M] (Microsoft Corporation) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Photo Downloader" -> C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe ["C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"] -> [2007/09/11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) "AVG9_TRAY" -> C:\Program Files (x86)\AVG\AVG9\avgtray.exe [C:\PROGRA~2\AVG\AVG9\avgtray.exe] -> [2010/04/21 08:52:05 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) 
"GBMPro8Agent" -> C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe ["C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe"] -> [2008/07/28 10:05:02 | 000,189,056 | ---- | M] (Genie-soft) "GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) "HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/12/04 08:14:48 | 000,075,016 | ---- | M] (Hewlett-Packard) "hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) "UpdateLBPShortCut" -> c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"] -> [2008/12/03 22:15:16 | 000,218,408 | ---- | M] (CyberLink Corp.) "UpdateP2GoShortCut" -> c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/12/03 22:15:16 | 000,218,408 | ---- | M] (CyberLink Corp.) "UpdatePDIRShortCut" -> c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/12/03 22:15:16 | 000,218,408 | ---- | M] (CyberLink Corp.) 
"UpdatePSTShortCut" -> c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2009/02/02 14:05:26 | 000,210,216 | ---- | M] (CyberLink Corp.) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/21 03:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/21 03:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/21 03:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/21 03:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoActiveDesktop" -> [1] -> File not found < CurrentVersion Policy Settings - System 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"HideFastUserSwitching" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoLogoff" -> [0] -> File not found \\"NoClose" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableLockWorkstation" -> [0] -> File not found \\"DisableChangePassword" -> [0] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation) {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation) < 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery 
-> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\] > -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1497993700-3962924676-3806845536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6B88442E-7910-4AE6-9532-ECD85ED2B66E}\\NameServer -> 194.168.4.100,194.168.8.100 (Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2010/03/17 09:45:51 | 000,012,976 | ---- | M] () *MultiFile Done* -> -> < 64bit-Winlogon settings 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/06/08 09:13:37 | 002,927,104 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2009/02/26 12:08:50 | 000,230,400 | ---- | M] () < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) "{E54729E8-BB3D-4270-9D49-7389EA579090}" [HKLM] -> C:\Windows\SysWOW64\ezUPBHook.dll [EasyBits Security Shield Hook - prevents launching insecure programs by kids] -> [2009/06/08 01:23:07 | 000,052,272 | ---- | M] (EasyBits Software Corp.) 
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {11930E7E-BAB6-4092-B349-A1C1B5AB5F8F} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | {12913D2F-1F01-4CFA-BD9A-EA1367C1C61B} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {18BD0913-57F6-4772-A3A6-3E55C429204B} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {29057C50-3DE9-47B8-86EF-75B31F2E7D97} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {3FF7354F-9F82-47F2-94FA-B7874A81C2E3} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | {49994CFC-D3A8-45AC-9D56-85F7C39C496E} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | {68F934DE-99A2-40CB-823C-E0B22AD3D734} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | {7A0B6745-23F5-470C-A30C-1D250678CE34} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | {A2B461A0-0B3C-47D4-A558-5911435B62C7} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {A5C16F8B-A8F0-47E6-9CD2-5BF995BADAB1} -> 
lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | {DEA357B4-F80F-428E-AAB7-D21B5715F0B8} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {111FD57B-0AD6-4094-B557-5DCA25DEC512} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {117C1508-6811-4322-8978-BD66B3528EBB} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {121A69AE-5C78-4895-9E32-690E801B888F} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {37C47EA8-E60C-48A4-9CE8-A582AA76FC89} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | {4EE37241-A83D-45B8-9FDC-ACC496D6D4F6} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe | {68022C0A-0AAE-4790-AA65-3B7A1E2E3436} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg8\avgnsa.exe | {69305297-3E78-4888-AB49-3D9787E307DC} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {952FCDD8-AE37-4902-AAB7-676180FA9349} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | {95C70EE7-AA31-4B3E-9EE9-528CDF1E72A5} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {AED031B2-4DB2-4C0C-94E5-8C50B5F9CFE4} -> profile=private | protocol=17 | dir=in | action=allow | 
name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | {B48AABB1-B7FF-4A0A-8DD9-538ED2029CCA} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {DDEACCD8-4E10-433A-9F79-A04BE2C9D7DC} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe | {DF547364-32C1-49F7-BDD9-2BCC34F2D038} -> profile=private | dir=in | action=allow | name=avgemc.exe | app=c:\program files (x86)\avg\avg8\avgemc.exe | {E0A6A938-18BC-4C05-B0EF-9DD9361ADA99} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {F56268C3-1C1D-42D8-AFDB-F495FD665316} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {FC71DEC3-A9F6-4D31-8F11-24AC6802C89D} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/21 03:46:54 | 000,079,872 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = 
exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> 64bit-batfile [open] -> "%1" %* -> File not found 64bit-cmdfile [open] -> "%1" %* -> File not found 64bit-comfile [open] -> "%1" %* -> File not found 64bit-exefile [open] -> "%1" %* -> File not found 64bit-htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) 64bit-htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) 64bit-inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2006/11/02 12:15:54 | 000,011,264 | ---- | M] () 64bit-piffile [open] -> "%1" %* -> File not found 64bit-scrfile [config] -> "%1" -> File not found 64bit-scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/21 03:50:36 | 000,371,200 | ---- | M] () 64bit-scrfile [open] -> "%1" /S -> File not found 64bit-Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> File not found 64bit-Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () 64bit-Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/21 03:50:37 | 000,363,008 | ---- | M] () 64bit-Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) 64bit-Directory [OneNote.Open] -> C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation) 64bit-Directory [PlayWithVLC] -> 
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () 64bit-Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) 64bit-Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) 64bit-Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 10:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/21 03:49:56 | 000,011,776 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/21 03:48:19 | 000,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [AddToPlaylistVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" -> [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/21 03:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/06/08 09:13:36 | 003,080,704 
| ---- | M] (Microsoft Corporation) Directory [OneNote.Open] -> C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation) Directory [PlayWithVLC] -> "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" -> [2009/09/22 16:24:22 | 000,135,592 | ---- | M] () Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/06/08 09:13:36 | 003,080,704 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 28/05/2010 03:17:29 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 08:36:44 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 10:59:08 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 13:22:13 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 13:51:06 Computer Name = Armstrongs-PC | Source = Application Error | ID = 1000 -> Description = Faulting application jaucheck.exe, version 2.0.2.1, time stamp 0x4b7d6dd6, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a783, exception code 0xc0000005, fault offset 0x000625c6, process id 0x1620, application start time 0x01cafe8e58d0c92a. 
Application [ Error ] 28/05/2010 13:56:32 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 14:15:43 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 14:33:02 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 14:43:51 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = Application [ Error ] 28/05/2010 15:46:42 Computer Name = Armstrongs-PC | Source = WinMgmt | ID = 10 -> Description = System [ Error ] 30/04/2010 03:29:44 Computer Name = Armstrongs-PC | Source = Print | ID = 6161 -> Description = The document Microsoft Word - Cops & Robbers party plan _5_, owned by Armstrongs, failed to print on printer Canon MP240 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 27264. Total number of pages in the document: 5. Number of pages printed: 0. Client computer: \\ARMSTRONGS-PC. Win32 error code returned by the print processor: 1. Incorrect function. 
System [ Error ] 30/04/2010 03:30:03 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 30/04/2010 03:30:03 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7026 -> Description = System [ Error ] 30/04/2010 08:02:00 Computer Name = Armstrongs-PC | Source = DCOM | ID = 10005 -> Description = System [ Error ] 30/04/2010 08:02:00 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 30/04/2010 08:02:00 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 30/04/2010 08:02:00 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 30/04/2010 08:02:00 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 30/04/2010 08:02:42 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 30/04/2010 08:02:42 Computer Name = Armstrongs-PC | Source = Service Control Manager | ID = 7000 -> Description = [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Armstrongs\Desktop\OTS.exe -> [2010/05/28 22:02:00 | 000,640,000 | ---- | C] (OldTimer Tools) Malwarebytes -> C:\Users\Armstrongs\AppData\Roaming\Malwarebytes -> [2010/05/28 19:55:12 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/05/28 19:55:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2010/05/28 19:55:05 | 000,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2010/05/28 19:55:05 | 000,000,000 | ---D | C] 32788R22FWJFW -> C:\32788R22FWJFW -> [2010/05/28 19:54:43 | 000,000,000 | ---D | C] pavijwnax -> C:\Users\Armstrongs\AppData\Local\pavijwnax -> [2010/05/27 23:20:24 | 000,000,000 | ---D | C] Tax -> 
C:\Users\Armstrongs\Desktop\Tax -> [2010/05/25 13:53:54 | 000,000,000 | ---D | C] Microsoft CAPICOM 2.1.0.2 -> C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 -> [2010/04/30 13:15:56 | 000,000,000 | ---D | C] nshhttp.dll -> C:\Windows\SysWow64\nshhttp.dll -> [2010/04/30 13:11:05 | 000,024,064 | ---- | C] (Microsoft Corporation) httpapi.dll -> C:\Windows\SysWow64\httpapi.dll -> [2010/04/30 13:11:04 | 000,031,232 | ---- | C] (Microsoft Corporation) wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2010/04/30 12:59:52 | 000,833,024 | ---- | C] (Microsoft Corporation) occache.dll -> C:\Windows\SysWow64\occache.dll -> [2010/04/30 12:59:52 | 000,146,432 | ---- | C] (Microsoft Corporation) ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2010/04/30 12:59:50 | 000,380,928 | ---- | C] (Microsoft Corporation) mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2010/04/30 12:59:49 | 000,476,672 | ---- | C] (Microsoft Corporation) iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2010/04/30 12:59:49 | 000,389,120 | ---- | C] (Microsoft Corporation) msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2010/04/30 12:59:48 | 000,458,240 | ---- | C] (Microsoft Corporation) html.iec -> C:\Windows\SysWow64\html.iec -> [2010/04/30 12:59:48 | 000,389,632 | ---- | C] (Microsoft Corporation) ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2010/04/30 12:59:48 | 000,230,400 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2010/04/30 12:59:48 | 000,193,024 | ---- | C] (Microsoft Corporation) ieencode.dll -> C:\Windows\SysWow64\ieencode.dll -> [2010/04/30 12:59:47 | 000,078,336 | ---- | C] (Microsoft Corporation) ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2010/04/30 12:59:47 | 000,026,624 | ---- | C] (Microsoft Corporation) mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2010/04/30 12:59:46 | 000,671,232 | ---- | C] (Microsoft Corporation) jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2010/04/30 12:59:45 | 000,028,160 | ---- | 
C] (Microsoft Corporation) quartz.dll -> C:\Windows\SysWow64\quartz.dll -> [2010/04/30 12:59:37 | 001,314,816 | ---- | C] (Microsoft Corporation) mciavi32.dll -> C:\Windows\SysWow64\mciavi32.dll -> [2010/04/30 12:59:36 | 000,082,944 | ---- | C] (Microsoft Corporation) avicap32.dll -> C:\Windows\SysWow64\avicap32.dll -> [2010/04/30 12:59:36 | 000,065,024 | ---- | C] (Microsoft Corporation) msvfw32.dll -> C:\Windows\SysWow64\msvfw32.dll -> [2010/04/30 12:59:35 | 000,123,904 | ---- | C] (Microsoft Corporation) avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2010/04/30 12:59:35 | 000,091,136 | ---- | C] (Microsoft Corporation) t2embed.dll -> C:\Windows\SysWow64\t2embed.dll -> [2010/04/30 12:59:24 | 000,156,672 | ---- | C] (Microsoft Corporation) fontsub.dll -> C:\Windows\SysWow64\fontsub.dll -> [2010/04/30 12:59:24 | 000,072,704 | ---- | C] (Microsoft Corporation) vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/30 12:58:31 | 000,430,080 | ---- | C] (Microsoft Corporation) rastls.dll -> C:\Windows\SysWow64\rastls.dll -> [2010/04/30 12:58:31 | 000,244,224 | ---- | C] (Microsoft Corporation) raschap.dll -> C:\Windows\SysWow64\raschap.dll -> [2010/04/30 12:58:30 | 000,281,600 | ---- | C] (Microsoft Corporation) wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/30 12:58:30 | 000,171,520 | ---- | C] (Microsoft Corporation) l3codeca.acm -> C:\Windows\SysWow64\l3codeca.acm -> [2010/04/30 12:58:29 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/30 12:54:16 | 000,098,304 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 30 Days] GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/05/28 22:07:00 | 000,000,904 | ---- | M] () ntuser.dat -> C:\Users\Armstrongs\ntuser.dat -> [2010/05/28 22:02:35 | 004,456,448 | -HS- | M] () OTS.exe -> C:\Users\Armstrongs\Desktop\OTS.exe -> [2010/05/28 22:02:08 | 000,640,000 | ---- 
| M] (OldTimer Tools) 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/28 21:46:35 | 000,003,616 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/05/28 21:46:35 | 000,003,616 | -H-- | M] () prvlcl.dat -> C:\Users\Armstrongs\AppData\Local\prvlcl.dat -> [2010/05/28 21:38:15 | 000,000,000 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/05/28 20:52:19 | 000,690,960 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/05/28 20:52:19 | 000,599,942 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/05/28 20:52:19 | 000,105,448 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/05/28 20:45:31 | 000,000,900 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/05/28 20:45:07 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/05/28 20:45:01 | 000,067,584 | --S- | M] () ntuser.dat{57599ffd-b4e4-11de-b00b-0026180dee93}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Armstrongs\ntuser.dat{57599ffd-b4e4-11de-b00b-0026180dee93}.TMContainer00000000000000000001.regtrans-ms -> [2010/05/28 20:44:08 | 000,524,288 | -HS- | M] () ntuser.dat{57599ffd-b4e4-11de-b00b-0026180dee93}.TM.blf -> C:\Users\Armstrongs\ntuser.dat{57599ffd-b4e4-11de-b00b-0026180dee93}.TM.blf -> [2010/05/28 20:44:08 | 000,065,536 | -HS- | M] () IconCache.db -> C:\Users\Armstrongs\AppData\Local\IconCache.db -> [2010/05/28 20:44:07 | 003,650,703 | -H-- | M] () rkill.scr -> C:\Users\Armstrongs\Desktop\rkill.scr -> [2010/05/28 20:13:34 | 000,363,520 | ---- | M] () rkill.com -> C:\Users\Armstrongs\Desktop\rkill.com -> [2010/05/28 20:13:26 | 
000,363,520 | ---- | M] () rkill.exe -> C:\Users\Armstrongs\Desktop\rkill.exe -> [2010/05/28 20:13:18 | 000,363,520 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/28 19:55:08 | 000,000,854 | ---- | M] () exeHelper.com -> C:\Users\Armstrongs\Desktop\exeHelper.com -> [2010/05/28 19:50:26 | 000,294,400 | ---- | M] () incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2010/05/28 13:40:45 | 060,464,081 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Armstrongs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/05/25 21:44:54 | 000,236,032 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/30 13:26:11 | 000,400,112 | ---- | M] () win.ini -> C:\Windows\win.ini -> [2010/04/30 13:06:32 | 000,000,219 | ---- | M] () Manga makeover certificate.docx -> C:\Users\Armstrongs\Desktop\Manga makeover certificate.docx -> [2010/04/29 21:50:08 | 000,011,573 | ---- | M] () mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/04/29 15:39:28 | 000,024,664 | ---- | M] () 636 C:\Users\Armstrongs\AppData\Local\Temp\*.tmp files -> C:\Users\Armstrongs\AppData\Local\Temp\*.tmp -> 636 C:\Users\Armstrongs\AppData\Local\Temp\*.tmp files -> C:\Users\Armstrongs\AppData\Local\Temp\*.tmp -> [Files - No Company Name] rkill.scr -> C:\Users\Armstrongs\Desktop\rkill.scr -> [2010/05/28 20:17:15 | 000,363,520 | ---- | C] () rkill.exe -> C:\Users\Armstrongs\Desktop\rkill.exe -> [2010/05/28 20:17:12 | 000,363,520 | ---- | C] () rkill.com -> C:\Users\Armstrongs\Desktop\rkill.com -> [2010/05/28 20:17:08 | 000,363,520 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/28 19:55:08 | 000,000,854 | ---- | C] () mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> 
[2010/05/28 19:55:05 | 000,024,664 | ---- | C] () exeHelper.com -> C:\Users\Armstrongs\Desktop\exeHelper.com -> [2010/05/28 19:51:57 | 000,294,400 | ---- | C] () nshhttp.dll -> C:\Windows\SysNative\nshhttp.dll -> [2010/04/30 13:11:05 | 000,032,768 | ---- | C] () httpapi.dll -> C:\Windows\SysNative\httpapi.dll -> [2010/04/30 13:11:04 | 000,033,792 | ---- | C] () wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2010/04/30 12:59:53 | 001,032,704 | ---- | C] () occache.dll -> C:\Windows\SysNative\occache.dll -> [2010/04/30 12:59:52 | 000,208,896 | ---- | C] () mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2010/04/30 12:59:50 | 000,758,784 | ---- | C] () ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2010/04/30 12:59:50 | 000,422,400 | ---- | C] () msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2010/04/30 12:59:49 | 000,580,608 | ---- | C] () iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2010/04/30 12:59:49 | 000,480,256 | ---- | C] () iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2010/04/30 12:59:49 | 000,375,296 | ---- | C] () iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2010/04/30 12:59:49 | 000,249,856 | ---- | C] () ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2010/04/30 12:59:48 | 000,267,776 | ---- | C] () ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2010/04/30 12:59:48 | 000,032,768 | ---- | C] () html.iec -> C:\Windows\SysNative\html.iec -> [2010/04/30 12:59:47 | 000,485,376 | ---- | C] () ieencode.dll -> C:\Windows\SysNative\ieencode.dll -> [2010/04/30 12:59:47 | 000,086,528 | ---- | C] () mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2010/04/30 12:59:46 | 001,129,984 | ---- | C] () jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2010/04/30 12:59:45 | 000,032,256 | ---- | C] () quartz.dll -> C:\Windows\SysNative\quartz.dll -> [2010/04/30 12:59:37 | 001,570,816 | ---- | C] () iyuv_32.dll -> C:\Windows\SysNative\iyuv_32.dll -> [2010/04/30 12:59:37 | 000,054,272 | ---- | C] () msvidc32.dll -> 
C:\Windows\SysNative\msvidc32.dll -> [2010/04/30 12:59:37 | 000,038,400 | ---- | C] () msyuv.dll -> C:\Windows\SysNative\msyuv.dll -> [2010/04/30 12:59:37 | 000,025,600 | ---- | C] () msrle32.dll -> C:\Windows\SysNative\msrle32.dll -> [2010/04/30 12:59:36 | 000,015,872 | ---- | C] () tsbyuv.dll -> C:\Windows\SysNative\tsbyuv.dll -> [2010/04/30 12:59:36 | 000,013,824 | ---- | C] () msvfw32.dll -> C:\Windows\SysNative\msvfw32.dll -> [2010/04/30 12:59:35 | 000,143,360 | ---- | C] () avifil32.dll -> C:\Windows\SysNative\avifil32.dll -> [2010/04/30 12:59:35 | 000,108,544 | ---- | C] () mciavi32.dll -> C:\Windows\SysNative\mciavi32.dll -> [2010/04/30 12:59:35 | 000,093,184 | ---- | C] () avicap32.dll -> C:\Windows\SysNative\avicap32.dll -> [2010/04/30 12:59:35 | 000,076,800 | ---- | C] () t2embed.dll -> C:\Windows\SysNative\t2embed.dll -> [2010/04/30 12:59:24 | 000,189,440 | ---- | C] () fontsub.dll -> C:\Windows\SysNative\fontsub.dll -> [2010/04/30 12:59:24 | 000,096,256 | ---- | C] () ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/30 12:58:44 | 004,690,832 | ---- | C] () vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/30 12:58:32 | 000,603,648 | ---- | C] () rastls.dll -> C:\Windows\SysNative\rastls.dll -> [2010/04/30 12:58:31 | 000,280,576 | ---- | C] () raschap.dll -> C:\Windows\SysNative\raschap.dll -> [2010/04/30 12:58:30 | 000,295,936 | ---- | C] () wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/30 12:58:30 | 000,218,112 | ---- | C] () l3codeca.acm -> C:\Windows\SysNative\l3codeca.acm -> [2010/04/30 12:58:29 | 000,072,192 | ---- | C] () cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/30 12:54:16 | 000,104,960 | ---- | C] () Manga makeover certificate.docx -> C:\Users\Armstrongs\Desktop\Manga makeover certificate.docx -> [2010/04/29 21:50:07 | 000,011,573 | ---- | C] () pythoncom26.dll -> C:\Windows\SysWow64\pythoncom26.dll -> [2009/06/08 00:44:56 | 000,354,816 | ---- | C] () pywintypes26.dll -> 
C:\Windows\SysWow64\pywintypes26.dll -> [2009/06/08 00:44:56 | 000,108,032 | ---- | C] () tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/21 03:50:05 | 000,060,124 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/21 03:49:49 | 000,368,640 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 16:07:25 | 000,030,808 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 16:07:25 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 16:07:25 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 16:07:25 | 000,026,040 | ---- | C] () [File - Lop Check] Canon -> C:\Users\Armstrongs\AppData\Roaming\Canon -> [2009/09/30 22:35:31 | 000,000,000 | ---D | M] Genie-Soft -> C:\Users\Armstrongs\AppData\Roaming\Genie-Soft -> [2009/10/10 12:20:09 | 000,000,000 | ---D | M] KompoZer -> C:\Users\Armstrongs\AppData\Roaming\KompoZer -> [2009/10/14 15:06:55 | 000,000,000 | ---D | M] Logia -> C:\Users\Armstrongs\AppData\Roaming\Logia -> [2010/03/28 00:57:16 | 000,000,000 | ---D | M] MailWasherPro -> C:\Users\Armstrongs\AppData\Roaming\MailWasherPro -> [2010/05/28 20:51:03 | 000,000,000 | ---D | M] NCH Swift Sound -> C:\Users\Armstrongs\AppData\Roaming\NCH Swift Sound -> [2009/09/19 09:39:34 | 000,000,000 | ---D | M] Thunderbird -> C:\Users\Armstrongs\AppData\Roaming\Thunderbird -> [2010/04/22 10:30:44 | 000,000,000 | ---D | M] WildTangent -> C:\Users\Armstrongs\AppData\Roaming\WildTangent -> [2009/09/18 23:20:17 | 000,000,000 | ---D | M] WinBatch -> C:\Users\Armstrongs\AppData\Roaming\WinBatch -> [2010/03/13 16:55:38 | 000,000,000 | ---D | M] _MDLogs -> C:\Users\Armstrongs\AppData\Roaming\_MDLogs -> [2009/09/17 14:13:40 | 000,000,000 | ---D | M] PCDRScheduledMaintenance.job -> 
C:\Windows\Tasks\PCDRScheduledMaintenance.job -> [2010/04/01 10:36:50 | 000,000,552 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/05/28 20:44:12 | 000,032,622 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < drivers32 > < %SYSTEMDRIVE%\*.* > bootmgr -> C:\bootmgr -> [2008/01/21 03:50:15 | 000,333,203 | RHS- | M] () BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2009/06/08 08:47:26 | 000,008,192 | R-S- | M] () msdia80.dll -> C:\msdia80.dll -> [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) pagefile.sys -> C:\pagefile.sys -> [2010/05/28 20:44:55 | 303,382,527 | -HS- | M] () rkill.log -> C:\rkill.log -> [2010/05/28 20:17:45 | 000,000,423 | ---- | M] () updatedatfix.log -> C:\updatedatfix.log -> [2009/06/08 01:11:08 | 000,000,361 | ---- | M] () < %systemroot%\*. /mp /s > CREATERESTOREPOINT Restore point Set: OTS Restore Point < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\drivers\*.sys /180 > mbamswissarmy.sys -> C:\Windows\SysWOW64\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Alternate Data Streams] @Alternate Data Stream - 64 bytes -> C:\Users\Armstrongs\Documents\Produce.avi:TOC.WMV < End of report > [/code]