OTL logfile created on: 6/08/2010 9:07:12 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\John\Desktop\Anti Malware + Rootkit
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.46 Gb Free Space | 63.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 634.77 Gb Total Space | 531.85 Gb Free Space | 83.79% Space Free | Partition Type: NTFS
Drive G: | 199.07 Gb Total Space | 64.33 Gb Free Space | 32.32% Space Free | Partition Type: NTFS
Drive H: | 97.66 Gb Total Space | 84.75 Gb Free Space | 86.78% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 915.91 Gb Total Space | 538.00 Gb Free Space | 58.74% Space Free | Partition Type: NTFS
Drive N: | 915.91 Gb Total Space | 814.98 Gb Free Space | 88.98% Space Free | Partition Type: NTFS
Drive T: | 915.91 Gb Total Space | 814.98 Gb Free Space | 88.98% Space Free | Partition Type: NTFS

Computer Name: ATHALON
Current User Name: John
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 09:04:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\Anti Malware + Rootkit\OTL.exe
PRC - [2010/07/16 00:42:58 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 00:42:55 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 00:42:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 00:42:08 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 00:42:07 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/16 00:41:34 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/09 12:52:49 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/10/13 23:44:44 | 000,159,232 | ---- | M] (matt.malensek.net) -- C:\Program Files\3RVX\3RVX.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/09/20 09:51:46 | 000,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\Nero 8\Nero BackItUp\NBService.exe
PRC - [2007/05/14 00:00:00 | 000,577,536 | ---- | M] () -- C:\Program Files\Notepad2\Notepad2.exe
PRC - [2006/08/03 04:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2003/08/27 16:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/12 16:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE

========== Modules (SafeList) ==========

MOD - [2010/08/06 09:04:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\Anti Malware + Rootkit\OTL.exe
MOD - [2010/03/09 12:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/07/16 00:42:53 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/09/20 09:51:46 | 000,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\Nero 8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/08/27 16:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys -- (WINFLASH)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\U-ABIT\FlashMenu\Memctl.sys -- (Memctl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\KombiFix\catchme.sys -- (catchme)
DRV - [2010/07/16 00:42:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/30 03:54:11 | 000,052,736 | ---- | M] (eSage Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rk_remover.sys -- (rk_remover-boot)
DRV - [2010/06/20 21:26:19 | 000,076,544 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2010/06/03 02:26:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/11 16:29:52 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/05/11 16:29:50 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/31 11:42:19 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2009/10/04 00:00:21 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/08/28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/13 11:31:52 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2009/06/18 02:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/18 02:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/18 02:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/18 02:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/11/11 14:01:24 | 000,074,624 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2008/11/11 14:01:20 | 000,097,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2008/06/20 07:30:00 | 006,587,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/09 04:51:25 | 000,014,601 | ---- | M] (MediaTek Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK)
DRV - [2007/03/29 11:36:00 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006/12/13 21:25:18 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Navcar.sys -- (Navcar)
DRV - [2006/10/30 19:06:52 | 000,067,456 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2006/10/10 04:58:48 | 000,203,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006/09/20 14:01:00 | 004,019,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://192.168.1.15/web/login.asp?id=1351726"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {1E2593B2-E106-4697-BCE7-A9D30DE05D73}:6.2.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\{1E2593B2-E106-4697-BCE7-A9D30DE05D73}: C:\Program Files\HttpWatch\Firefox\ [2010/05/24 01:14:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/29 18:00:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 13:47:03 | 000,000,000 | ---D | M]

[2008/08/29 15:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/08/04 01:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf29wqky.default\extensions
[2009/08/09 00:35:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf29wqky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/15 22:45:04 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf29wqky.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/12/02 00:55:51 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\zf29wqky.default\searchplugins\romulation-rom-search.xml
[2010/08/04 01:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/30 04:47:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/27 22:29:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/27 22:29:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/27 22:29:03 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/27 22:29:03 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/02 03:25:46 | 000,000,315 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.103092804.com
O1 - Hosts: 127.0.0.1 tag.contextweb.com
O1 - Hosts: 127.0.0.1 contextweb.com
O1 - Hosts: 127.0.0.1 ad.xtendmedia.com
O1 - Hosts: 127.0.0.1 xtendmedia.com
O1 - Hosts: 127.0.0.1 edgesuite.net
O1 - Hosts: 127.0.0.1 content.yieldmanager.com
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com
O2 - BHO: (MyBHO Class) - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - C:\Program Files\FlashSwitch\FlashBHO.dll (FlashSwitch Group)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (HttpWatch Basic) - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll (Simtec Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe (D-Link Corporation)
O4 - HKLM..\Run: [ImageXtender] C:\Program Files\ImageXtender\ixshell.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Ahead\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [3RVX] C:\Program Files\3RVX\3RVX.exe (matt.malensek.net)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 65011711
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF 9F 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRunFAULTY = 17 FF FF 03 [binary data]
O8 - Extra context menu item: &Open selection - C:\Program Files\Internet Explorer\PLUGINS\opensel.html ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll (Simtec Limited)
O9 - Extra 'Tools' menuitem : HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1217054178453 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226792761431 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256435823198 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 11:53:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/05 22:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Virus 2010-08-05
[2010/08/04 23:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\ImageSkill
[2010/08/04 21:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/04 16:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Homebrew Icon Set by matriculated
[2010/08/03 21:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\wireless headphones
[2010/07/31 03:27:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/31 02:31:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/30 18:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\matt.malensek.net
[2010/07/29 13:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\WBFSManager
[2010/07/29 13:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\My Documents\WBFS Manager Covers
[2010/07/29 13:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2010/07/27 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Peazip
[2010/07/20 08:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP
[2010/07/20 00:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Macroplant,_LLC
[2010/07/16 00:42:54 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/14 19:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Copy
[2010/07/14 19:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\WindSolutions
[2010/07/14 19:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/07/13 11:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Twitter and Ebay trolls
[2010/07/09 20:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Starwars Jib Jab
[2010/07/03 11:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/03 11:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/02 20:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Sahmon Games
[2010/07/02 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Astro Avenger 2
[2010/07/02 20:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS_EeeStick
[2010/06/30 17:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/06/30 04:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/30 04:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/30 03:48:48 | 000,052,736 | ---- | C] (eSage Lab) -- C:\WINDOWS\System32\drivers\rk_remover.sys
[2010/06/27 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link SmartConsole Utility
[2010/06/27 16:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer
[2010/06/21 02:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Anti Malware + Rootkit
[2010/06/20 19:21:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/20 19:13:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/20 19:09:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/20 19:09:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/20 19:09:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/20 19:08:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/20 19:06:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/19 02:44:10 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/06/17 02:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/16 03:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/06/15 00:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/06 10:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\MoveFab
[2010/06/06 10:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/05/30 23:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/30 16:03:46 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/30 16:03:44 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 16:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/30 16:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/30 14:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/30 14:23:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/30 13:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/05/30 13:16:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/30 12:50:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/30 12:50:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/30 12:49:07 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/30 12:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/30 12:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/29 23:39:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2010/05/29 22:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/29 22:53:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/29 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/29 03:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/25 12:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\avidemux
[2010/05/25 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2010/05/24 01:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\HttpWatch
[2010/05/08 12:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/06 09:07:09 | 062,985,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/06 09:01:52 | 000,830,321 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/08/06 09:01:41 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 09:01:34 | 000,000,834 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/06 09:00:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 09:00:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 05:47:48 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/05 22:59:00 | 019,398,656 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/08/05 22:54:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/08/05 22:19:48 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Albums list for Coops.docx
[2010/08/05 20:08:04 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Lego brickwars-sets.com.url
[2010/08/05 01:41:31 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/05 01:39:16 | 017,525,618 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/08/04 23:07:36 | 000,007,916 | ---- | M] () -- C:\WINDOWS\John8.xlb
[2010/08/04 23:06:58 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Shortcut to Domains Email and Ebay.xls.lnk
[2010/08/04 21:53:47 | 000,031,392 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/04 21:08:59 | 000,011,943 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Ivy Requested Music list.docx
[2010/08/04 17:01:02 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2010/08/03 22:57:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/03 22:43:34 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/02 15:42:45 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 15:42:15 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/02 03:25:46 | 000,000,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/01 17:39:43 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\John\Desktop\BootMiiSwitch - GBAtemp.net.url
[2010/08/01 17:39:39 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\John\Desktop\cIOSX rev20 released - GBAtemp.net.url
[2010/07/31 03:00:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/30 19:22:59 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\John\Desktop\FILE SERVER (N).lnk
[2010/07/26 14:47:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/07/25 19:56:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/24 10:48:50 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\John\Desktop\FlashFXP.lnk
[2010/07/18 02:04:07 | 000,000,270 | ---- | M] () -- C:\WINDOWS\appr.ini
[2010/07/18 01:35:48 | 000,000,109 | ---- | M] () -- C:\WINDOWS\aebpr.ini
[2010/07/17 15:33:04 | 000,065,827 | ---- | M] () -- C:\Documents and Settings\John\Desktop\blue sky mining.jpg
[2010/07/16 00:42:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 00:42:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 20:10:03 | 001,876,219 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Wallpaper - Lego Battle Droid Army.jpg
[2010/07/15 20:08:41 | 000,020,491 | ---- | M] () -- C:\Documents and Settings\John\Desktop\fig_Count_Dooku_small[1].jpg
[2010/07/14 11:26:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/11 02:47:33 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Star Wars™ voices now available for TomTom devices.url
[2010/07/05 22:39:26 | 000,044,032 | ---- | M] () -- C:\WINDOWS\System32\dokan.dll
[2010/07/04 13:08:34 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/02 20:17:48 | 000,001,451 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Enter Eee Stick Game menu.lnk
[2010/06/30 03:54:11 | 000,052,736 | ---- | M] (eSage Lab) -- C:\WINDOWS\System32\drivers\rk_remover.sys
[2010/06/30 03:17:40 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gniqutewotev.dat
[2010/06/30 03:17:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ebifowaliyun.bin
[2010/06/27 16:49:54 | 001,774,720 | ---- | M] () -- C:\WINDOWS\System32\BootMan.exe
[2010/06/26 19:32:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\John\Application Data\vso_ts_preview.xml
[2010/06/26 18:09:13 | 000,001,583 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2010/06/25 02:47:46 | 000,008,704 | ---- | M] () -- C:\WINDOWS\John.pcb
[2010/06/23 20:04:32 | 000,489,116 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 20:04:32 | 000,432,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 20:04:32 | 000,067,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 21:26:19 | 000,076,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\WudfPf.sys
[2010/06/20 19:13:57 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/06/07 00:05:10 | 000,000,240 | ---- | M] () -- C:\ss_udp.dat
[2010/06/07 00:05:10 | 000,000,240 | ---- | M] () --
C:\ss_nb.dat [2010/06/07 00:05:10 | 000,000,122 | ---- | M] () -- C:\ss_udp2.dat [2010/06/03 02:26:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2010/06/01 22:12:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010/06/01 22:12:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010/05/30 17:05:03 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/05/30 16:03:44 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/05/30 15:39:07 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/30 15:39:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/05/30 15:10:33 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Explorer.lnk [2010/05/30 14:43:41 | 000,001,443 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk [2010/05/30 14:23:35 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010/05/30 13:59:29 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/05/30 13:20:37 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/05/30 12:57:49 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml [2010/05/30 12:57:02 | 000,000,804 | RHS- | M] () -- C:\Documents and Settings\John\ntuser.pol [2010/05/30 12:51:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010/05/30 12:48:12 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx [2010/05/30 12:48:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010/05/30 12:47:06 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010/05/30 12:47:06 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010/05/30 
12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010/05/30 12:44:58 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/05/29 10:41:40 | 000,478,349 | ---- | M] () -- C:\WINDOWS\setupapi.old [2010/05/29 03:47:21 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-UE2HU.msg [2010/05/29 03:47:21 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-UE2HU.lst [2010/05/22 11:24:30 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Lightsabers from the Big Yellow Box.url [2010/05/15 17:41:12 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\John\Desktop\AV Setup.xls [2010/05/13 01:05:54 | 000,079,289 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Tray Insert2.jpg [2010/05/13 00:57:39 | 000,068,336 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Tray insert1 (ritmo).JPG [2010/05/11 16:29:52 | 000,013,192 | ---- | M] () -- C:\WINDOWS\System32\epmntdrv.sys [2010/05/11 16:29:50 | 000,086,408 | ---- | M] () -- C:\WINDOWS\System32\setupempdrv03.exe [2010/05/11 16:29:50 | 000,008,456 | ---- | M] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010/05/11 16:29:40 | 000,014,848 | ---- | M] () -- C:\WINDOWS\System32\EuEpmGdi.dll [3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/05 20:01:28 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Albums list for Coops.docx [2010/08/04 23:06:27 | 000,000,937 | ---- | C] () -- C:\Documents and 
Settings\John\Desktop\Shortcut to Domains Email and Ebay.xls.lnk [2010/08/04 21:08:59 | 000,011,943 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Ivy Requested Music list.docx [2010/08/04 17:46:46 | 000,271,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/08/01 17:39:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\John\Desktop\BootMiiSwitch - GBAtemp.net.url [2010/08/01 17:39:39 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\John\Desktop\cIOSX rev20 released - GBAtemp.net.url [2010/07/30 19:22:59 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\John\Desktop\FILE SERVER (N).lnk [2010/07/24 10:48:50 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\John\Desktop\FlashFXP.lnk [2010/07/17 15:33:07 | 000,065,827 | ---- | C] () -- C:\Documents and Settings\John\Desktop\blue sky mining.jpg [2010/07/15 20:11:05 | 001,876,219 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Wallpaper - Lego Battle Droid Army.jpg [2010/07/15 20:08:49 | 000,020,491 | ---- | C] () -- C:\Documents and Settings\John\Desktop\fig_Count_Dooku_small[1].jpg [2010/07/11 02:47:33 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Star Wars™ voices now available for TomTom devices.url [2010/07/07 04:30:06 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Lego brickwars-sets.com.url [2010/07/06 01:52:53 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2010/07/06 01:52:53 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010/07/06 01:52:52 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2010/07/06 01:52:52 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2010/07/06 01:52:52 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010/07/05 22:39:26 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll [2010/07/03 11:13:30 | 000,002,137 | ---- | C] 
() -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/07/02 20:17:48 | 000,001,451 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Enter Eee Stick Game menu.lnk [2010/06/30 03:17:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ebifowaliyun.bin [2010/06/30 03:17:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gniqutewotev.dat [2010/06/20 20:36:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\gmer.exe [2010/06/20 19:13:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/06/20 19:13:52 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/06/20 19:09:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/06/20 19:09:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/06/20 19:09:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/06/20 19:09:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/06/20 19:09:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/06/06 23:36:48 | 000,000,240 | ---- | C] () -- C:\ss_nb.dat [2010/06/06 23:36:46 | 000,000,122 | ---- | C] () -- C:\ss_udp2.dat [2010/06/06 23:36:43 | 000,000,240 | ---- | C] () -- C:\ss_udp.dat [2010/05/30 16:03:44 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2010/05/30 16:03:33 | 062,985,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/05/30 13:24:53 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010/05/30 12:59:17 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk [2010/05/30 12:49:47 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2010/05/30 12:49:09 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2010/05/30 12:48:14 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml [2010/05/30 12:48:12 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx [2010/05/30 12:47:06 | 000,000,488 | RH-- | C] () -- 
C:\WINDOWS\System32\logonui.exe.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010/05/30 12:46:59 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010/05/30 12:33:28 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2010/05/30 12:33:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2010/05/30 12:33:28 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2010/05/30 12:33:28 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2010/05/30 12:33:28 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2010/05/30 12:33:28 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2010/05/29 03:47:21 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-UE2HU.msg [2010/05/29 03:47:21 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-UE2HU.lst [2010/05/27 20:36:50 | 019,398,656 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat [2010/05/22 11:24:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Lightsabers from the Big Yellow Box.url [2010/05/13 01:05:54 | 000,079,289 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Tray Insert2.jpg [2010/05/13 00:57:39 | 000,068,336 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Tray insert1 (ritmo).JPG [2010/01/10 23:38:14 | 000,010,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys [2010/01/01 23:47:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2010/01/01 23:46:56 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009/10/10 13:57:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\hegames.ini 
[2009/09/15 02:03:11 | 000,000,332 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2009/09/05 16:10:04 | 000,000,337 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/08/23 16:16:22 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Spidey.INI [2009/08/09 18:08:15 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI [2009/08/06 12:29:44 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009/08/06 12:29:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009/08/06 12:29:44 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll [2009/08/06 12:29:44 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009/08/06 12:29:42 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009/08/06 12:29:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009/08/06 12:29:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2009/08/06 12:29:40 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll [2009/08/06 12:29:40 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/06 12:29:40 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2009/08/06 12:29:40 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009/08/06 12:29:40 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/08/06 12:29:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009/08/06 12:29:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009/08/06 12:29:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009/08/06 12:29:40 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009/08/06 12:29:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009/08/06 12:29:40 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009/08/06 12:29:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/08/06 12:29:40 | 000,000,547 
| ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/07/27 21:18:07 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009/07/19 15:17:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/07/19 15:17:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/07/19 15:17:08 | 002,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2009/07/19 15:17:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/07/19 15:17:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/07/18 21:34:30 | 000,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI [2009/07/18 21:34:30 | 000,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI [2009/07/18 21:34:30 | 000,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI [2009/07/18 21:34:30 | 000,000,580 | ---- | C] () -- C:\WINDOWS\Common.ini [2009/07/18 21:06:17 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini [2009/01/07 08:53:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\DVDFab.INI [2008/10/13 17:48:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\gmc.dll [2008/08/30 20:31:50 | 000,995,328 | ---- | C] () -- C:\WINDOWS\System32\Cplsvr1.dll [2008/07/26 15:14:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008/07/06 14:04:55 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll [2008/06/20 07:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/06/20 07:30:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/06/20 07:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/06/20 07:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/06/20 07:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/03/05 10:32:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI [2007/12/15 19:09:02 | 000,000,126 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI [2007/09/08 20:57:12 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\OpPrintServer.INI [2007/07/23 21:22:59 | 000,000,083 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI [2007/07/01 16:17:48 | 000,000,270 | ---- | C] () -- C:\WINDOWS\appr.ini [2007/07/01 16:17:25 | 000,000,109 | ---- | C] () -- C:\WINDOWS\aebpr.ini [2007/06/19 07:44:45 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll [2007/06/19 07:44:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2007/06/06 09:08:11 | 000,000,386 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/06/04 02:55:41 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BO5150D.INI [2007/06/04 02:54:16 | 000,000,504 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2007/06/04 02:54:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2007/06/04 02:54:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2007/06/03 23:42:35 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini [2007/06/03 00:27:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/06/02 20:38:35 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2007/06/01 03:30:29 | 000,000,204 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2006/09/28 18:55:50 | 000,076,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\WudfPf.sys [2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll [2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL [1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [color=#E56717]========== LOP Check ==========[/color] [2010/05/30 16:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/12/24 17:29:15 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville [2007/12/01 20:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay [2008/12/03 19:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2008/06/02 18:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2008/07/24 22:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2009/10/06 17:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2007/07/20 00:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/07/24 23:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009/01/14 16:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2010/07/14 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions [2008/12/06 17:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/04/02 11:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/13 00:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/03/22 03:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Activision [2009/12/30 18:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Auslogics [2010/01/01 17:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVG9 [2010/05/25 12:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\avidemux [2008/07/06 14:05:26 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\John\Application Data\CoffeeCup Software [2010/07/16 10:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DVDFab [2009/07/12 15:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\FreshDiagnose [2007/12/29 15:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GlobalSCAPE [2009/09/18 08:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\HTML Executable [2010/02/15 20:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Jasc [2007/06/03 23:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Leadertech [2010/01/20 23:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\LogoManager [2010/06/06 10:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MoveFab [2009/12/31 23:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MusicBrainz [2009/10/30 00:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NASNaviator2 [2010/01/01 16:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NCH Swift Sound [2008/07/24 23:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Nokia [2008/07/24 23:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PC Suite [2010/07/02 20:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sahmon Games [2009/12/11 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SEGA [2009/09/27 04:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\TeraCopy [2010/03/19 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\thecleaner [2009/12/30 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\John\Application Data\Thinstall [2009/09/24 21:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\VitySoft [2010/06/30 17:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Vso [2010/07/14 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\WindSolutions [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2007/05/30 11:53:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/05/30 15:39:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/06/20 19:13:57 | 000,000,281 | -HS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr [2010/07/31 03:11:55 | 000,020,136 | ---- | M] () -- C:\ComboFix.txt [2007/05/30 11:53:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/02/12 19:34:40 | 000,003,092 | ---- | M] () -- C:\DeviceLink.log [2007/05/30 11:53:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/08/06 09:00:53 | 000,000,000 | ---- | M] () -- C:\Log.txt [2007/05/30 11:53:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/05/30 13:20:37 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/05/30 13:59:29 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/08/06 09:00:28 | 3220,680,704 | -HS- | M] () -- C:\pagefile.sys [2010/06/07 00:05:10 | 000,000,240 | ---- | M] () -- C:\ss_nb.dat [2010/06/07 00:05:10 | 000,000,240 | ---- | M] () -- C:\ss_udp.dat [2010/06/07 00:05:10 | 000,000,122 | ---- | M] () -- C:\ss_udp2.dat [2010/06/22 07:52:26 | 000,013,856 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_22.06.2010_07.52.17_log.txt [2010/06/30 01:36:08 | 000,039,074 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_30.06.2010_01.35.49_log.txt [2010/06/30 01:41:13 | 000,038,134 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_30.06.2010_01.40.42_log.txt [2010/06/06 16:15:35 | 000,002,476 | ---- | M] () -- C:\xPos.txt [color=#A23BEC]< 
%systemroot%\system32\*.wt >[/color] [color=#A23BEC]< %systemroot%\system32\*.ruy >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color] [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color] [2010/05/30 12:47:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini [color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color] [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color] [2003/08/28 16:00:00 | 000,026,288 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL [2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe [2006/07/13 06:00:00 | 000,018,944 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\prprint.dll [color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color] [color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color] [color=#A23BEC]< %systemroot%\system32\*.jpg >[/color] [color=#A23BEC]< %systemroot%\*.jpg >[/color] [color=#A23BEC]< %systemroot%\*.png >[/color] [color=#A23BEC]< %systemroot%\*.scr >[/color] [color=#A23BEC]< %systemroot%\*._sy >[/color] [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color] [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color] [color=#A23BEC]< 
%PROGRAMFILES%\*.* >[/color] [color=#A23BEC]< %APPDATA%\Update\*.* >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2010/05/30 22:29:26 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010/05/30 11:10:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav [2010/05/30 22:29:26 | 028,413,952 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010/05/30 22:29:26 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 15:45:39 < End of report >