OTL logfile created on: 4/24/2013 10:13:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.84% Memory free
3.35 Gb Paging File | 2.60 Gb Available in Paging File | 77.60% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 272.70 Gb Total Space | 221.07 Gb Free Space | 81.07% Space Free | Partition Type: NTFS
Drive D: | 6.74 Gb Total Space | 0.67 Gb Free Space | 9.99% Space Free | Partition Type: FAT32

Computer Name: ANNE | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
PRC - c:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_elementtree.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32api.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_socket.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32ts.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._html2.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32crypt.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_ctypes.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32profile.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._core_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_ssl.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._misc_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\_hashlib.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pythoncom27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32security.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32process.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32pdh.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._windows_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._wizard.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32file.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32inet.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\wx._controls_.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\unicodedata.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\pyexpat.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\win32event.pyd ()
MOD - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_MEI32923\select.pyd ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\WINDOWS\system32\encdec.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\Program Files\Common Files\LightScribe\LSPrtEn.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSCAPI.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSDrComm.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSSProxy.dll ()
MOD - C:\Program Files\Common Files\LightScribe\LSLog.dll ()
MOD - C:\WINDOWS\system32\vbicodec.ax ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - (vToolbarUpdater15.0.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PGMTrusted) -- C:\Program Files\Pogo Games\PGMTrusted.exe (iWin Inc.)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.Sys File not found
DRV - (X4HS32Ex) -- C:\Program Files\Free Ride Games\X4HS32Ex.Sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (X4HSEx_Pr143) -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys (Exent Technologies Ltd.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CXTUNE) -- C:\WINDOWS\system32\drivers\cx88tune.sys (Conexant Systems, Inc.)
DRV - (CX88ENC) -- C:\WINDOWS\system32\drivers\cx88enc.sys (Conexant Systems, Inc.)
DRV - (CXAVXBAR) -- C:\WINDOWS\system32\drivers\cxavxbar.sys (Conexant Systems, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.cua.edu/
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0E367C61-D555-4093-918F-6FD1E1BB887E}&mid=700141bad31e47d1845ad14acce4e9e6-3f5cb5ee1a2224abb96a8281332e9bcc05b1dd0f&lang=en&ds=AVG&pr=fr&d=2011-09-12 02:04:58&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{C4C819E5-F6A1-4826-BB52-EBBEDFE6A572}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7RNWE_en
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc6e20b&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\HP_Administrator\Application Data\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 09:45:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/24 16:52:10 | 000,000,000 | ---D | M]

[2010/07/11 22:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/10 20:22:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.0.0.2\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [q] "xidpwooedd.exe" File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" File not found
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1)" -"http://clubgames.pogo.com/online2/pogop/AncientTripeaks2/index.aspx?code=112265127&origin=pAllGames_lnk" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Updates from HP.lnk = File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2438911799-3484224873-888160877-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032 (SonyOnlineInstallerX)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344474360075 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://clubgames.pogo.com/online2/pogop/mystery_solitaire/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} https://www.msishopper.net/site/ICResources/ImageUploader3.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} http://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab (CPlayFirstzenerchiControl Object)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://download-games.pogo.com/online2/pogo/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://clubgames.pogo.com/online2/pogo/parking_dash/parkingdash.1.0.0.15.cab (CPlayFirstParkingDasControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E76E1D9-062E-4EE5-A1AE-373FC027275D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 -
HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/04/24 22:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe [2013/04/23 21:44:41 | 000,000,000 | ---D | C] -- C:\FRST [2013/04/22 18:08:07 | 000,040,776 | ---- | C] (Malwarebytes 
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/05 08:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2013/04/01 19:19:36 | 000,000,000 | ---D | C] -- C:\1fca4a979587afe1b176b92e79876fe7 [2005/08/29 23:17:12 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/04/24 22:10:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe [2013/04/24 22:03:37 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job [2013/04/24 22:03:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/24 22:03:19 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job [2013/04/24 22:01:41 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2013/04/24 22:01:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/04/24 22:01:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/24 22:01:10 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys [2013/04/23 20:22:44 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/04/23 15:46:13 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/22 20:40:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2013/04/12 19:42:03 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2013/04/10 03:30:23 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/10 03:12:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/04/10 03:11:31 | 000,000,215 | ---- | M] () -- 
C:\WINDOWS\System32\MRT.INI [2013/04/05 08:20:18 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/04/10 03:11:31 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2012/12/27 14:20:03 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp [2012/12/27 14:19:52 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sound.mp3 [2012/12/27 14:19:47 | 000,114,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg [2012/08/16 17:49:15 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\dt.dat [2011/10/22 17:23:56 | 000,000,460 | ---- | C] () -- C:\Program Files\1022201117235656.bat [2011/09/19 11:18:08 | 000,000,446 | ---- | C] () -- C:\Program Files\0919201111180848.bat [2011/09/01 17:23:05 | 000,000,453 | ---- | C] () -- C:\Program Files\0901201117230585.bat [2011/08/06 23:19:05 | 000,000,460 | ---- | C] () -- C:\Program Files\0806201123190535.bat [2011/07/27 22:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI [2011/07/26 19:45:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI [2011/07/15 00:34:28 | 000,003,183 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml [2011/01/05 13:19:01 | 000,000,481 | ---- | C] () -- C:\Program Files\0105201112190110.bat [2010/12/13 00:18:09 | 000,000,477 | ---- | C] () -- C:\Program Files\1212201023180917.bat [2010/12/08 12:34:41 | 000,000,451 | ---- | C] () -- C:\Program Files\1208201011343978.bat [2010/12/07 00:18:25 | 000,000,475 | ---- | C] () -- C:\Program Files\1206201023182493.bat [2010/12/06 19:04:44 | 000,000,458 | ---- | C] () -- C:\Program Files\1206201018044450.bat [2010/11/03 12:06:06 | 000,000,465 | ---- | C] () -- C:\Program Files\1103201012060648.bat [2010/10/11 17:06:18 | 000,000,473 | ---- | C] () 
-- C:\Program Files\1011201017061876.bat [2010/10/04 17:09:01 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat [2010/09/30 16:49:16 | 000,000,450 | ---- | C] () -- C:\Program Files\0930201016491632.bat [2010/09/22 14:30:57 | 000,000,458 | ---- | C] () -- C:\Program Files\0922201014305710.bat [2010/09/21 14:36:16 | 000,000,469 | ---- | C] () -- C:\Program Files\0921201014361620.bat [2010/09/21 13:28:16 | 000,000,455 | ---- | C] () -- C:\Program Files\0921201013281673.bat [2010/09/17 00:08:32 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe [2010/09/10 00:04:10 | 000,000,459 | ---- | C] () -- C:\Program Files\091020100041089.bat [2009/06/01 16:32:54 | 000,007,350 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\slot1.mm1 [2007/12/05 11:26:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT [2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PPD Plugins [2007/12/05 11:18:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Percussion Kit [2007/12/05 11:18:30 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT [2007/12/05 11:18:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Piano Hard [2005/08/29 23:16:14 | 000,000,424 | ---- | C] () -- C:\Program Files\Shortcut to HijackThis.lnk [2005/03/20 13:07:39 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB [2005/03/20 13:07:39 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB [2005/03/19 18:36:11 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/19 18:34:14 | 000,010,589 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml1.srt
[2005/03/19 18:34:14 | 000,010,436 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ml2.srt
[2005/03/19 18:34:14 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/03/19 18:34:12 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.bak

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2013/04/04 20:00:12 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\@
[2013/04/04 20:00:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\L
[2013/04/04 20:00:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$3048fe6d168e90a05f0913174229d88d\U
[2004/11/05 04:45:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-2438911799-3484224873-888160877-1008\$3048fe6d168e90a05f0913174229d88d\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2004/11/05 10:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/08/06 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20000Leagues
[2010/03/23 00:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2009/06/28 03:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2011/09/16 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2011/12/17 01:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/05/28 16:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2013/03/25 20:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/10/31 15:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/07/19 14:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AWEM
[2010/02/15 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\BanzaiInteractive [2008/10/17 13:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beanbag Studios [2009/10/07 02:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan [2011/09/01 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games [2010/06/09 04:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome [2009/06/23 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory [2011/07/15 18:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CannyGames [2009/08/10 10:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge [2011/09/23 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games [2010/09/17 00:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2011/09/12 01:57:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/07/01 01:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CropBusters [2011/10/15 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DragonsEye Studios [2009/08/08 10:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA [2009/08/23 12:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord [2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2011/07/12 19:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise [2009/09/28 09:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\EscapeFromParadise2 [2009/06/02 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum [2010/01/01 20:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2 [2009/06/15 22:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills [2011/10/31 03:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes [2010/02/26 02:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty [2010/03/09 00:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2 [2011/05/31 01:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3 [2012/05/02 21:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America [2011/10/22 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica [2011/11/08 01:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar [2011/06/08 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia [2011/06/18 00:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome [2011/09/17 01:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings [2011/07/24 17:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games [2009/09/28 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games [2012/11/05 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games [2010/06/19 04:32:29 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\FreshGames [2009/08/15 23:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games [2012/07/14 00:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2011/07/07 22:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GabCab [2009/09/27 12:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2011/07/17 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic [2009/08/13 13:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon [2010/09/22 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital [2010/01/15 23:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital [2007/06/14 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap [2009/08/17 20:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone [2012/06/12 19:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames [2008/08/16 13:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet [2010/01/06 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA [2009/08/01 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games [2010/09/21 13:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii [2009/09/19 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games [2011/06/29 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover 
Games [2010/01/01 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3 [2012/04/20 23:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft [2011/01/05 13:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios [2010/03/28 01:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express [2009/06/24 07:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams [2011/08/09 00:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium [2009/08/17 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios [2012/06/05 02:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands [2011/06/16 23:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWinG [2009/07/27 01:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2011/07/22 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom [2011/01/30 17:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany [2009/06/10 02:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia [2011/07/10 20:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster Software [2010/02/22 13:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom [2009/08/09 12:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo [2013/04/24 22:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/08/05 13:59:54 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo [2005/03/23 21:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2011/07/18 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople [2009/08/11 17:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NannyMania [2010/09/06 01:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks [2010/02/24 22:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft [2011/06/14 22:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze [2007/12/05 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2011/09/01 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media [2011/07/30 21:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles [2011/06/10 13:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Play [2012/04/27 00:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2009/08/16 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond [2011/09/28 12:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment [2009/08/31 21:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games [2011/01/10 01:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2010/02/15 00:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros [2010/04/14 14:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Pogo [2011/12/13 01:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC [2006/09/15 00:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2009/09/23 17:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella [2009/06/09 00:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Product [2009/06/09 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick [2009/08/16 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raptisoft [2010/01/01 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum [2011/09/25 13:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RescueFrenzy [2011/06/12 20:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix [2011/07/25 23:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio [2011/09/19 10:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2008/05/28 13:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave [2009/12/28 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS [2010/05/11 01:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit [2009/07/30 01:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games [2010/02/20 01:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure [2010/06/11 04:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames [2011/01/01 18:12:11 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames [2009/08/24 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch [2012/04/19 23:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T1 Games [2012/04/08 14:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/12/19 01:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio [2010/12/21 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Terrafarmers [2011/07/19 17:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation [2010/01/31 16:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries [2012/10/31 00:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogy [2009/08/18 23:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TonkyPonky [2010/09/21 12:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Try2 [2009/06/19 00:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick [2007/12/05 11:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2010/02/17 22:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft [2007/12/05 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2011/09/03 19:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent [2011/08/08 17:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom [2004/11/05 10:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default 
User\Application Data\SampleView [2012/11/08 14:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft 
Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ) SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2009/02/09 
08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) SRV - 
[2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi) SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2005/08/29 11:52:39 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) 
-- C:\HijackThis.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2004/08/10 00:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services [color=#A23BEC]< MD5 for: SERVICES._ >[/color] [2004/08/09 17:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\services._ [color=#A23BEC]< MD5 for: SERVICES.EX_ >[/color] [2004/08/09 17:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\services.ex_ [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- 
C:\WINDOWS\ERDNT\cache\services.exe [2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2004/11/05 04:51:31 | 000,001,602 | ---- | M] () MD5=495780BCE12856BE230CA0FB91D3DAA1 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk [color=#A23BEC]< MD5 for: SERVICES.MS_ >[/color] [2004/08/09 17:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\services.ms_ [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2004/08/09 17:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2004/08/09 17:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [2004/08/09 17:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- 
C:\WINDOWS\ERDNT\cache\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/09 17:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004/08/09 17:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/09 17:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004/08/09 17:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: WINSOCK.DL_ >[/color] [2004/08/09 17:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\I386\winsock.dl_ [color=#A23BEC]< MD5 for: WINSOCK.DLL >[/color] [2004/08/09 17:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll [2004/08/09 17:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- 
C:\WINDOWS\system32\winsock.dll [color=#A23BEC]< >[/color] [2004/11/05 03:24:53 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2004/11/05 04:56:52 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2010/02/15 15:46:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2010/02/15 15:46:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012/10/24 16:48:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012/10/24 16:55:26 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job [2012/10/24 16:55:27 | 000,000,300 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job [color=#A23BEC]< >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] < End of report >