
I believe I have a keylogger on my computer.



#1
Nick hehe

Alright, as stated in the description, I have a keylogger on my computer. My younger brother accepted a file from an unknown person earlier today, and the .exe happened to infect my computer with multiple viruses, including a keylogger which I was told was untraceable.

I have done multiple scans on my computer, and have come up with little to nothing.

The keylogger that I believe I am infected with has a nickname called "Poison Ivy" or some variant of that.

Malwarebytes report (I have done 3 of these today; this is the first one):
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/27/2009 7:13:13 PM
mbam-log-2009-09-27 (19-13-13).txt

Scan type: Quick Scan
Objects scanned: 106951
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b2ae9c0-1555-4c92-905a-531532f15698} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\all\Application Data\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Quarantine (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Registry Backups (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCSecureSystem (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCSecureSystem\Logs (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Log\2007 Oct 13 - 09_37_15 AM_906.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Log\2007 Oct 13 - 09_37_32 AM_281.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Log\2007 Oct 13 - 11_07_46 AM_125.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Log\2007 Oct 13 - 11_07_53 AM_046.log (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings\CustomScan.stg (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings\IgnoreList.stg (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings\ScanInfo.stg (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Application Data\AntiSpywareBot\Settings\Settings.stg (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCSecureSystem\avtasks.dat (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCSecureSystem\Logs\av.log (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\PCSecureSystem\Logs\ga6Support.log (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\all\Start Menu\Programs\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Step 2:
I have run AVG, the newer version of it. That unveiled nothing in a complete system scan.

Step 3:
Updated to the most recent version.

Step 4:
Have rebooted multiple times.

Step 5:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/28 01:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA787D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B5F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA640D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xa7a8a8ac

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" at address 0xa7a8a812

==EOF==

Step 6:
OTL logfile created on: 9/28/2009 12:57:57 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\all\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 208.66 Mb Available Physical Memory | 41.56% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 66.66% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 45.19 Gb Free Space | 64.72% Space Free | Partition Type: NTFS
Drive D: | 586.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D508N091
Current User Name: all
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/10/29 04:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/09/27 17:57:25 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
PRC - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2009/09/27 17:57:44 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/27 17:57:44 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe
PRC - [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe
PRC - [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe
PRC - [2009/05/19 01:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2004/08/10 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2004/08/10 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/08/04 00:05:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/04 00:05:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/28 00:56:32 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Disabled | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/05/30 08:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Disabled | Stopped])
SRV - [2009/09/27 17:57:30 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Disabled | Stopped])
SRV - [2009/09/27 17:57:25 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2004/08/10 07:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2005/10/20 18:55:50 | 00,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\McrdSvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/04/13 20:12:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe -- (MSMQ [Auto | Running])
SRV - [2008/04/13 20:12:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
SRV - [2004/11/19 13:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/13 20:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll -- (NWCWorkstation [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2005/10/20 18:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc [Auto | Running])
SRV - [2007/11/06 16:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [Disabled | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/04/13 20:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
SRV - [2008/04/13 20:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "GoogleCOM"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "Www.Myspace.Com"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://www.google-se...ient&gfns=1&q="

FF - user.js..browser.search.selectedEngine: "GoogleCOM"
FF - user.js..keyword.URL: "http://www.google-se...ient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/12 03:00:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/09/27 17:57:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/22 03:13:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/07 12:44:34 | 00,000,000 | ---D | M]

[2008/06/24 11:36:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Extensions
[2008/06/24 11:36:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 18:07:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Firefox\Profiles\1mrqhdmd.default\extensions
[2009/09/13 14:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Firefox\Profiles\1mrqhdmd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/11 11:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Firefox\Profiles\1mrqhdmd.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/01/02 04:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Firefox\Profiles\1mrqhdmd.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/09/14 12:08:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\mozilla\Firefox\Profiles\1mrqhdmd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/01/02 04:49:30 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\all\Application Data\Mozilla\FireFox\Profiles\1mrqhdmd.default\searchplugins\aim-search.xml
[2008/06/24 11:36:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 00:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 00:05:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 00:05:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/26 12:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/08/04 00:05:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/01/19 08:20:00 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/07 12:44:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/07 12:44:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/07 12:44:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/07 12:44:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/07 12:44:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/07 12:44:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/07 12:44:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/08/29 10:01:22 | 00,106,348 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2008/07/18 19:14:06 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/18 19:14:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/18 19:14:06 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 13:47:51 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/20 17:26:51 | 00,001,307 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-com.xml
[2008/07/18 19:14:06 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/18 19:14:06 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [sys324] C:\WINDOWS\System32\sys43.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\all\Start Menu\Programs\AOL\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/05/10 23:13:12 | 00,000,046 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{41a7c60d-7b58-11dc-a26c-00038a000015}\Shell\AutoRun\command - "" = E:\Centrum\Centrum.exe -- File not found
O33 - MountPoints2\{9298f538-8c62-11de-933d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9298f538-8c62-11de-933d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9298f538-8c62-11de-933d-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2000/05/20 15:36:50 | 00,032,768 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2000/05/20 15:36:50 | 00,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[6 C:\Documents and Settings\all\Application Data\*.tmp files]
[2009/09/28 00:56:32 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\OTL.exe
[2009/09/28 00:53:08 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\all\Desktop\settings.dat
[2009/09/28 00:52:53 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\all\Desktop\RootRepeal.exe
[2009/09/28 00:42:08 | 33,961,728 | ---- | C] () -- C:\Documents and Settings\all\Desktop\avira_antivir_personal_en.exe
[2009/09/28 00:38:29 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\all\Desktop\avast_home_setup.exe
[2009/09/28 00:37:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/28 00:37:01 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\all\Desktop\NTREGOPT.lnk
[2009/09/28 00:37:01 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\all\Desktop\ERUNT.lnk
[2009/09/28 00:36:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/28 00:36:35 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\all\Desktop\erunt_setup.exe
[2009/09/28 00:34:59 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\all\Desktop\SysRestorePoint.exe
[2009/09/28 00:29:10 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\TFC.exe
[2009/09/27 23:46:26 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/27 23:41:30 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\all\Local Settings\Application Data\housecall.guid.cache
[2009/09/27 21:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/09/27 21:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\My Documents\Downloads
[2009/09/27 21:32:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Temp
[2009/09/27 21:03:39 | 00,295,538 | ---- | C] () -- C:\Documents and Settings\all\My Documents\cc_20090927_210337.reg
[2009/09/27 19:17:23 | 00,000,000 | RHSD | C] -- C:\WINDOWS\sysl3
[2009/09/27 19:10:40 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/27 19:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Malwarebytes
[2009/09/27 19:02:56 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 19:02:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/27 19:02:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/27 19:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/27 19:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/27 17:59:11 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/27 17:59:10 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/27 17:59:01 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/27 17:58:58 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/27 17:58:04 | 41,851,550 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/27 17:58:02 | 00,113,133 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/27 17:58:00 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/27 17:57:54 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/27 17:57:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/27 17:57:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/27 17:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/27 17:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\AVG8
[2009/09/27 13:10:00 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2009/09/27 12:06:03 | 00,143,330 | ---- | C] () -- C:\WINDOWS\System32\sys43
[2009/09/27 12:05:48 | 00,110,627 | ---- | C] () -- C:\WINDOWS\System32\sys43.exe
[2009/09/15 19:02:32 | 01,695,654 | ---- | C] () -- C:\Documents and Settings\all\My Documents\cc_20090915_190230.reg
[2009/09/03 17:54:54 | 00,041,313 | ---- | C] () -- C:\Documents and Settings\all\Desktop\Playlist..m3u
[2009/09/02 14:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Music Stuff
[2009/09/02 14:01:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Games n' [bleep]
[2009/09/02 14:00:09 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\all\Desktop\PS.lnk
[2009/08/27 20:57:18 | 00,000,079 | ---- | C] () -- C:\Documents and Settings\all\Application Data\RSBot Accounts.ini
[2009/08/19 16:46:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Music1
[2009/08/18 21:41:39 | 00,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2009/08/15 00:48:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2009/08/07 12:45:04 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/07 12:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/05 19:14:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/05 19:14:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/05 19:14:06 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/05 12:59:10 | 00,054,147 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/08/05 12:59:03 | 00,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2009/08/05 12:59:02 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/08/05 12:10:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/04 17:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/04 17:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update(2)
[2009/08/03 15:38:07 | 00,000,000 | ---D | C] -- C:\Program Files\StealthBot
[2009/08/03 01:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Music
[2009/07/16 00:31:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Music3
[2009/07/07 15:57:42 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\all\My Documents\Default.rdp
[2009/06/30 14:58:48 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/06/21 15:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\VT_Software
[2009/06/14 11:58:50 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/06/09 10:21:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\My Documents\AIMMusicLink
[2009/06/09 10:21:51 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Music Link
[2009/05/25 16:10:14 | 00,000,000 | ---D | C] -- C:\Program Files\Garena
[2009/05/25 12:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Desktop\Stuff
[2009/05/25 12:27:33 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/05/23 16:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2009/05/17 23:35:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/05/10 12:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/05/08 19:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/05/08 19:16:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009/05/08 19:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\ImTOO Software Studio
[2009/04/17 03:04:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/04/08 18:07:10 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/22 11:21:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Music
[2009/03/02 16:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\OpenOffice.org
[2009/03/02 16:32:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/03/02 16:29:28 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/01/29 22:20:41 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/01/27 09:40:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\VIPv3
[2009/01/27 09:40:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Stardock
[2009/01/19 08:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\PMB Files
[2009/01/19 08:20:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/19 08:19:45 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/01/16 18:57:17 | 00,041,346 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009/01/16 18:57:16 | 00,126,976 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2009/01/16 18:57:16 | 00,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2009/01/16 18:54:15 | 00,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2009/01/14 04:01:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/01/13 13:00:16 | 00,032,768 | ---- | C] (L1F07BSCS0022) -- C:\WINDOWS\System32\VistaProgBar.ocx
[2009/01/13 10:42:37 | 00,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{221B383D-377C-487F-86F2-F25E66FB7E6D}.job
[2009/01/13 10:21:13 | 08,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/01/12 18:22:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2009/01/12 15:16:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/01/06 20:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/01/02 04:48:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/01/02 04:47:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/16 13:34:36 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2008/12/16 13:34:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2008/12/03 16:45:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2008/11/12 20:56:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Screaming Bee
[2008/10/12 12:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\MySpace
[2008/09/30 08:25:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/09/30 07:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2008/09/30 07:36:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Microsoft Help
[2008/09/30 07:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/09/30 07:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\GetRightToGo
[2008/09/29 19:58:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Opera
[2008/09/29 19:58:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Opera
[2008/09/29 14:50:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/09/24 19:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/24 19:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/09/24 19:42:04 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/09/24 19:37:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/08/19 06:43:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/08/19 06:29:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/08/19 06:29:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/08/19 06:29:45 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2008/08/19 06:24:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/08/19 06:19:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/08/19 06:10:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/08/13 15:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/12 03:36:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/07/12 03:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2008/07/12 03:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/07/06 23:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\My Documents\AIMLogger
[2008/07/02 17:27:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Uniblue
[2008/07/02 17:27:12 | 00,000,266 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2008/07/02 17:27:11 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
[2008/06/24 11:36:05 | 00,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet.lnk
[2008/06/24 11:35:59 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/05/10 21:09:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2008/05/06 14:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Apple Computer
[2008/05/06 14:20:06 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/05/06 14:20:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Apple
[2008/05/06 14:19:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/05/06 14:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/05/06 14:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Apple Computer
[2008/04/20 20:26:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/04/20 20:26:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/04/18 19:33:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2008/04/15 13:08:43 | 00,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\Threed32.ocx
[2008/04/14 16:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL
[2008/03/29 15:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2008/03/29 14:46:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\all\Application Data\ijjigame
[2008/03/29 03:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/03/28 22:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2008/03/28 22:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/03/25 08:12:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2008/02/29 20:05:27 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2008/01/11 18:52:42 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2007/11/17 18:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2007/11/17 18:55:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2007/10/24 20:09:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Lavasoft
[2007/10/13 14:46:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Grisoft
[2007/10/13 14:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/10/13 14:46:11 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2007/09/10 15:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\WinRAR
[2007/09/10 15:47:13 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2007/08/16 12:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2007/08/16 04:11:32 | 00,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2007/08/15 18:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2007/08/13 17:02:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/03 19:35:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2007/07/23 13:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\acccore
[2007/07/23 13:15:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\AOL OCP
[2007/07/23 13:15:11 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2007/06/22 15:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2007/05/11 16:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Atari
[2007/05/05 21:24:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\My Documents\Random [bleep]
[2007/05/05 02:43:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/05/05 02:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Azureus
[2007/04/14 20:53:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\teamspeak2
[2007/04/13 20:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Mozilla
[2007/04/13 20:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Mozilla
[2007/04/13 20:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/04/13 20:20:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Google
[2007/04/13 20:10:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\runtime
[2007/04/13 20:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2007/03/25 21:22:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Viewpoint
[2007/03/24 10:38:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Viewpoint
[2007/03/21 19:49:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\IMVU
[2007/03/06 21:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\FrostWire
[2007/02/19 19:40:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\all\Application Data\yahoo!
[2007/02/19 14:07:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2007/02/08 20:49:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Viewpoint
[2007/02/04 01:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2007/01/30 21:03:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/01/14 15:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Software602
[2007/01/10 20:48:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2006/12/26 20:43:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SunnComm Shared
[2006/12/26 20:23:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/12/26 20:23:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\ArcSoft
[2006/12/26 20:01:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2006/12/20 20:45:22 | 00,000,000 | ---D | C] -- C:\Program Files\PDF
[2006/12/20 20:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\602Documents
[2006/12/20 20:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\Software602
[2006/12/20 20:44:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\soft602
[2006/12/16 10:22:32 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2006/12/02 16:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2006/11/28 22:15:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2006/11/28 22:14:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2006/11/28 22:14:25 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2006/11/28 22:14:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2006/11/16 21:39:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Google
[2006/11/16 21:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2006/11/16 19:45:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2006/09/30 15:29:25 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2006/09/01 08:44:04 | 00,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006/08/18 18:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2006/08/11 20:49:39 | 00,073,728 | ---- | C] () -- C:\WINDOWS\graphicsacc.exe
[2006/08/11 20:49:39 | 00,060,364 | ---- | C] () -- C:\WINDOWS\hooks.exe
[2006/08/11 20:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\commodio
[2006/08/11 20:38:58 | 00,233,472 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\UNINST16.EXE
[2006/08/10 17:39:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2006/08/10 17:39:04 | 00,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2006/08/10 17:37:18 | 00,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2006/08/10 17:37:11 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2006/08/10 17:37:11 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2006/08/10 17:37:11 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2006/08/08 20:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Ventrilo
[2006/08/08 20:02:48 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2006/08/08 20:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2006/08/04 17:23:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2006/07/17 20:47:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Help
[2006/07/17 20:47:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Help
[2006/07/07 18:35:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2006/07/07 18:10:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2006/06/26 21:06:01 | 00,001,626 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
[2006/05/03 15:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/04/21 18:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\WMTools Downloaded Files
[2006/04/18 15:34:24 | 00,000,940 | ---- | C] () -- C:\Documents and Settings\all\Desktop\Computer.lnk
[2006/03/01 16:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Otto
[2006/03/01 16:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Otto
[2006/02/28 14:19:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/02/09 20:11:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\CyberLink
[2006/02/09 20:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\PowerDVD
[2006/01/28 11:28:22 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\all\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/27 17:09:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2006/01/21 19:27:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2006/01/10 22:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\AdobeUM
[2006/01/10 22:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Adobe
[2006/01/10 22:00:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Adobe
[2006/01/09 20:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\toaster
[2006/01/09 20:01:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2006/01/09 20:00:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\McAfee.com Personal Firewall
[2006/01/09 19:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/01/07 19:54:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Identities
[2006/01/07 18:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\AOL
[2006/01/07 18:30:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\You've Got Pictures Screensaver
[2006/01/07 18:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AolCoach
[2006/01/07 17:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\AOL
[2006/01/07 17:53:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2006/01/06 20:18:41 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2006/01/04 21:37:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Sonic
[2006/01/04 21:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Leadertech
[2006/01/03 20:23:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2005/12/26 15:52:26 | 00,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2005/12/26 13:05:25 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\all\Application Data\PFP120JPR.{PB
[2005/12/26 13:05:25 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\all\Application Data\PFP120JCM.{PB
[2005/12/26 13:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Corel
[2005/12/26 01:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Macromedia
[2005/12/26 01:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\PlayFirst
[2005/12/25 18:21:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2005/12/25 18:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Corel Photo Album
[2005/12/25 18:16:31 | 00,103,592 | ---- | C] () -- C:\Documents and Settings\all\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/12/25 18:16:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Corel Photo Album
[2005/12/25 17:35:28 | 05,298,452 | -H-- | C] () -- C:\Documents and Settings\all\Local Settings\Application Data\IconCache.db
[2005/12/25 17:35:28 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\all\Local Settings\Application Data\fusioncache.dat
[2005/12/25 17:35:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Identities
[2005/12/25 17:35:27 | 00,000,000 | --SD | C] -- C:\Documents and Settings\all\Application Data\Microsoft
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Wildtangent
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Musicmatch
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\Microsoft
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\ApplicationHistory
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2005/12/25 17:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\all\Application Data\Sun
[2005/12/25 17:32:25 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2005/12/16 13:51:36 | 00,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/16 13:50:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\wt
[2005/12/16 13:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2005/12/16 13:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/12/16 13:47:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2005/12/16 13:47:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\occache
[2005/12/16 13:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2005/12/16 13:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2005/12/16 13:47:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2005/12/16 13:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2005/12/16 13:46:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2005/12/16 13:46:22 | 00,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/16 13:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2005/12/16 13:44:03 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2005/12/16 13:44:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2005/12/16 13:42:24 | 00,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2005/12/16 13:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2005/12/16 13:41:26 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2005/12/16 13:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2005/12/16 13:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2005/12/16 13:38:58 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2005/12/16 13:29:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2005/12/16 13:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2005/12/16 13:24:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/16 13:24:28 | 00,787,512 | ---- | C] () -- C:\WINDOWS\Dell.bmp
[2005/12/16 13:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2005/08/16 23:03:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2005/08/16 22:59:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2005/08/16 06:50:16 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2005/08/16 06:49:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2005/08/16 06:49:41 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2005/08/16 06:48:31 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 06:43:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2005/08/16 06:43:45 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2005/08/16 06:43:45 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2005/08/16 06:42:49 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2005/08/16 06:40:59 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2005/08/16 06:40:59 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2005/08/16 06:40:59 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2005/08/16 06:40:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2005/08/16 06:40:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2005/08/16 06:40:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2005/08/16 06:40:44 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2005/08/16 06:40:23 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2005/08/16 06:40:23 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2005/08/16 06:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2005/08/16 06:40:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2005/08/16 06:40:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2005/08/16 06:40:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2005/08/16 06:40:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2005/08/16 06:40:13 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2005/08/16 06:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2005/08/16 06:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2005/08/16 06:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2005/08/16 06:39:15 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2005/08/16 06:38:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2005/08/16 06:38:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2005/08/16 06:38:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2005/08/16 06:37:47 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2005/08/16 06:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2005/08/16 06:37:25 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2005/08/16 06:37:25 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2005/08/16 06:37:25 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2005/08/16 06:37:25 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2005/08/16 06:37:25 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2005/08/16 06:37:25 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2005/08/16 06:37:25 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2005/08/16 06:37:25 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2005/08/16 06:37:25 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2005/08/16 06:37:25 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2005/08/16 06:37:25 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2005/08/16 06:37:25 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2005/08/16 06:37:25 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2005/08/16 06:37:25 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2005/08/16 06:37:25 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2005/08/16 06:37:23 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2005/08/16 06:37:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2005/08/16 06:33:38 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2005/08/16 06:33:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2005/08/16 06:33:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2005/08/16 06:33:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2005/08/16 06:33:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2005/08/16 06:30:11 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/08/16 06:30:10 | 01,062,963 | ---- | C] () -- C:\WINDOWS\setupapi.del
[2005/08/16 06:28:05 | 00,355,489 | ---- | C] () -- C:\WINDOWS\setupact.del
[2005/08/16 06:28:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\setuperr.del
[2005/08/16 06:28:03 | 00,964,557 | ---- | C] () -- C:\WINDOWS\setuplog.del
[2005/08/16 06:22:46 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2005/08/16 06:22:46 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2005/08/16 06:22:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2005/08/16 06:22:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2005/08/16 06:18:53 | 00,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2005/08/16 06:18:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2005/08/16 06:18:46 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2005/08/16 06:18:45 | 00,032,674 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
[2005/08/16 06:18:43 | 01,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2005/08/16 06:18:43 | 01,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2005/08/16 06:18:43 | 01,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2005/08/16 06:18:43 | 00,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2005/08/16 06:18:43 | 00,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2005/08/16 06:18:43 | 00,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2005/08/16 06:18:43 | 00,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2005/08/16 06:18:43 | 00,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2005/08/16 06:18:43 | 00,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2005/08/16 06:18:43 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2005/08/16 06:18:43 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2005/08/16 06:18:43 | 00,001,129 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2005/08/16 06:18:42 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\VBICodec.ax
[2005/08/16 06:18:42 | 00,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
[2005/08/16 06:18:42 | 00,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2005/08/16 06:18:41 | 00,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2005/08/16 06:18:41 | 00,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2005/08/16 06:18:41 | 00,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2005/08/16 06:18:40 | 00,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2005/08/16 06:18:37 | 00,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
[2005/08/16 06:18:37 | 00,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2005/08/16 06:18:36 | 00,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp
[2005/08/16 06:18:36 | 00,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf
[2005/08/16 06:18:36 | 00,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2005/08/16 06:18:36 | 00,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2005/08/16 06:18:36 | 00,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2005/08/16 06:18:35 | 00,036,364 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2005/08/16 06:18:35 | 00,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2005/08/16 06:18:35 | 00,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 06:18:34 | 00,044,451 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2005/08/16 06:18:34 | 00,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2005/08/16 06:18:34 | 00,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2005/08/16 06:18:34 | 00,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2005/08/16 06:18:33 | 00,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2005/08/16 06:18:33 | 00,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2005/08/16 06:18:33 | 00,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2005/08/16 06:18:33 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2005/08/16 06:18:17 | 00,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2005/08/16 06:18:04 | 00,240,640 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2005/08/16 06:18:04 | 00,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2005/08/16 06:18:03 | 00,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2005/08/05 16:02:00 | 00,224,256 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2005/07/27 00:11:50 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\SQLServerManager.msc
[2003/11/24 01:02:00 | 00,225,280 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalTreeView6.ocx

========== Files - Modified Within 14 Days ==========

[6 C:\Documents and Settings\all\Application Data\*.tmp files]
[2009/09/30 15:11:41 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{221B383D-377C-487F-86F2-F25E66FB7E6D}.job
[2009/09/28 01:05:54 | 00,144,000 | ---- | M] () -- C:\WINDOWS\System32\sys43
[2009/09/28 00:56:32 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\OTL.exe
[2009/09/28 00:53:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\all\Desktop\settings.dat
[2009/09/28 00:52:53 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\all\Desktop\RootRepeal.exe
[2009/09/28 00:43:36 | 33,961,728 | ---- | M] () -- C:\Documents and Settings\all\Desktop\avira_antivir_personal_en.exe
[2009/09/28 00:38:29 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\all\Desktop\avast_home_setup.exe
[2009/09/28 00:37:01 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\all\Desktop\NTREGOPT.lnk
[2009/09/28 00:37:01 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\all\Desktop\ERUNT.lnk
[2009/09/28 00:36:36 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\all\Desktop\erunt_setup.exe
[2009/09/28 00:35:00 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\all\Desktop\SysRestorePoint.exe
[2009/09/28 00:34:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/28 00:32:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/28 00:32:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/28 00:32:39 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/28 00:29:11 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\all\Desktop\TFC.exe
[2009/09/27 23:43:56 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/27 23:41:30 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\all\Local Settings\Application Data\housecall.guid.cache
[2009/09/27 21:03:44 | 00,295,538 | ---- | M] () -- C:\Documents and Settings\all\My Documents\cc_20090927_210337.reg
[2009/09/27 20:48:30 | 00,000,669 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/27 20:48:30 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/27 20:48:30 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/09/27 19:02:56 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 17:59:11 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/27 17:59:10 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/27 17:59:01 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/27 17:58:58 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/27 17:58:56 | 41,851,550 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/27 17:58:04 | 00,113,133 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/27 17:58:02 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/27 17:58:00 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/27 13:51:22 | 00,054,147 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2009/09/27 13:49:49 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/09/27 13:49:49 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/09/27 13:49:49 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/09/27 13:32:55 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo II.lnk
[2009/09/27 13:09:56 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2009/09/27 13:09:56 | 00,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2009/09/27 12:05:48 | 00,110,627 | ---- | M] () -- C:\WINDOWS\System32\sys43.exe
[2009/09/27 10:17:02 | 00,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/09/26 22:54:43 | 00,041,313 | ---- | M] () -- C:\Documents and Settings\all\Desktop\Playlist..m3u
[2009/09/26 15:23:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/15 19:02:44 | 01,695,654 | ---- | M] () -- C:\Documents and Settings\all\My Documents\cc_20090915_190230.reg
[2009/09/15 19:00:45 | 00,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet.lnk

========== LOP Check ==========

[6 C:\Documents and Settings\all\Application Data\*.tmp files]
[2009/09/27 19:13:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\all\Application Data
[2007/07/23 13:20:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\acccore
[2006/12/26 20:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\ArcSoft
[2007/05/11 16:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Atari
[2007/05/18 15:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Azureus
[2006/01/19 20:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Corel
[2005/12/25 18:16:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Corel Photo Album
[2006/02/09 20:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\CyberLink
[2008/04/26 19:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\FrostWire
[2008/09/30 08:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\GetRightToGo
[2007/10/13 14:46:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Grisoft
[2008/03/29 15:04:54 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\all\Application Data\ijjigame
[2009/05/08 19:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\ImTOO Software Studio
[2007/03/26 20:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\IMVU
[2006/01/04 21:37:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Leadertech
[2009/03/02 16:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\OpenOffice.org
[2008/09/29 19:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Opera
[2006/03/01 16:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Otto
[2005/12/26 01:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\PlayFirst
[2008/11/12 20:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Screaming Bee
[2007/01/19 14:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Software602
[2007/04/14 20:53:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\teamspeak2
[2008/07/04 16:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Uniblue
[2008/03/21 12:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Ventrilo
[2007/02/08 20:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\Viewpoint
[2006/01/07 18:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\all\Application Data\You've Got Pictures Screensaver
[2009/09/27 19:02:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/12 18:22:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2009/08/04 17:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/02 04:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/05/05 02:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/01/12 15:16:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2007/10/13 14:46:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/13 15:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/03/01 16:26:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/01/19 08:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/07/12 03:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/07/12 18:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/10/13 16:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/14 11:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/28 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/09/26 15:23:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/28 00:32:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/27 10:17:02 | 00,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/07/02 17:27:11 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2009/09/30 15:11:41 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{221B383D-377C-487F-86F2-F25E66FB7E6D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Extras:
OTL Extras logfile created on: 9/28/2009 12:57:57 AM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\all\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 208.66 Mb Available Physical Memory | 41.56% Memory free
1.20 Gb Paging File | 0.80 Gb Available in Paging File | 66.66% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 45.19 Gb Free Space | 64.72% Space Free | Partition Type: NTFS
Drive D: | 586.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D508N091
Current User Name: all
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard
"6999:TCP" = 6999:TCP:*:Enabled:Blizzard
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6113:TCP" = 6113:TCP:*:Enabled:Blizzard
"6114:TCP" = 6114:TCP:*:Enabled:Blizzard
"6115:TCP" = 6115:TCP:*:Enabled:Blizzard
"6116:TCP" = 6116:TCP:*:Enabled:Blizzard
"6117:TCP" = 6117:TCP:*:Enabled:Blizzard
"6118:TCP" = 6118:TCP:*:Enabled:Blizzard
"6119:TCP" = 6119:TCP:*:Enabled:Blizzard
"3460:TCP" = 3460:TCP:*:Enabled:application fact.exe

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1208561600\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1208561600\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\all\Desktop\avira_antivir_personal_en.exe" = C:\Documents and Settings\all\Desktop\avira_antivir_personal_en.exe:*:Enabled:avira_antivir_personal_en -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{172EF666-D1C9-43D7-B484-F19EF59709C4}" = Visual C++ 8 Merge Module Installer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A949611-335E-4CC7-8EDD-9BD67A5E27C7}" = OpenOffice.org 3.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM MusicLink 4.0.0.0" = AIM MusicLink 4.0.0.0
"AIM_6" = AIM 6
"AnimalSound" = AnimalSound
"AOL Regclient" = AOL Registration
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"EHome Devices" = Media Center Extender
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.13.2.0
"Garena" = Garena
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2009 10:47:01 PM | Computer Name = D508N091 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/27/2009 10:47:16 PM | Computer Name = D508N091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/27/2009 10:47:47 PM | Computer Name = D508N091 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/27/2009 10:47:47 PM | Computer Name = D508N091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/28/2009 12:35:41 AM | Computer Name = D508N091 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.

Error - 9/28/2009 12:38:43 AM | Computer Name = D508N091 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/28/2009 12:38:43 AM | Computer Name = D508N091 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/28/2009 12:38:58 AM | Computer Name = D508N091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/28/2009 12:39:29 AM | Computer Name = D508N091 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/28/2009 12:39:44 AM | Computer Name = D508N091 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 9/28/2009 12:30:23 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The Media Center Scheduler Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/28/2009 12:30:23 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The SNMP Service service terminated unexpectedly. It has done this
1 time(s).

Error - 9/28/2009 12:30:23 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Resource Monitor service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 9/28/2009 12:30:23 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7031
Description = The Media Center Receiver Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 9/28/2009 12:30:23 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The Message Queuing Triggers service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/28/2009 12:30:24 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 9/28/2009 12:30:24 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The Message Queuing service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/28/2009 12:30:24 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7031
Description = The IIS Admin service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 1 milliseconds: Run
the configured recovery program.

Error - 9/28/2009 12:30:24 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.
It has done this 2 time(s).

Error - 9/28/2009 12:30:24 AM | Computer Name = D508N091 | Source = Service Control Manager | ID = 7034
Description = The World Wide Web Publishing service terminated unexpectedly. It
has done this 2 time(s).


< End of report >