
TR/Dropper.Gen trojan infection

#1
redbird14
I have contracted a TR/Dropper.Gen infection. I've attached Malwarebytes, RootRepeal & OTL logs as well as what feedback I get from my copy of Avira AntiVir Personal.

Symptoms noted so far are:

- Every 5-6 minutes, Avira pops up a warning (see AVrprt2.png attached). The svchost.exe file referenced (AVrprt.png) is gone when I open the folder referenced. I've been deleting the folders. The name of the folder changes with every instance, but it's always 4 characters with a .tmp extension.
- Google/Bing searches are redirected.
- Every nth page I open in my browser (Firefox) is accompanied by a 2nd tab opening directed to some ad. Firefox's WOT add-on consistently shows red for these pages. I'm not sure what 'n' is. It seems to be about every 6th or 7th page I open. 'Open' can be in a new tab or just going to a new page in an existing tab. WOT (Web of Trust) is a Firefox add-on that rates websites for safety/content. Green is good, red is bad.

In addition to the Malwarebytes quick scan, I ran Avira's complete scan, SUPERAntiSpyware's complete scan and Malwarebytes' complete scan. All came up clean.

I DO have multiple anti-malware/virus packages installed. Only Avira runs in the background. The others are used for scanning approximately once a week.

Also, I was unable to get SysRestorePoint to run to completion. So I manually created a restore point using Vista's built in function.

Any guidance anyone can provide will be much appreciated!!

OTL logfile created on: 12/1/2009 1:30:40 PM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = C:\aaDownloads\Dec01\GtoGo
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 10240 10240 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 211.23 Gb Free Space | 74.53% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.74 Gb Free Space | 59.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 596.17 Gb Total Space | 403.84 Gb Free Space | 67.74% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTAPC
Current User Name: Mark Zellinger
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/01 11:36:11 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\aaDownloads\Dec01\GtoGo\OTL.exe
PRC - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/22 15:02:26 | 00,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/09/22 15:02:14 | 00,315,392 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/09/22 15:01:46 | 00,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/08/06 11:06:39 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/22 17:57:12 | 00,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/12 07:04:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/03 13:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 00:27:45 | 01,792,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/19 14:23:24 | 00,202,064 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/25 00:31:07 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/10/04 13:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 18:39:36 | 00,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/01/20 20:24:22 | 00,520,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
PRC - [2008/01/17 06:22:20 | 04,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 05:17:24 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/02 02:38:44 | 00,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2007/11/02 02:38:42 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2007/10/18 14:53:54 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2007/08/11 14:50:00 | 00,331,264 | ---- | M] () -- C:\aaFromOldPC\NetMeter\NetMeter.exe


========== Modules (SafeList) ==========

MOD - [2009/12/01 11:36:11 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\aaDownloads\Dec01\GtoGo\OTL.exe
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/27 17:47:00 | 00,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/09/27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/09/25 12:06:50 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/24 19:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/22 15:01:46 | 00,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/08/06 11:06:39 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/22 17:57:12 | 00,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/12 07:04:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/25 00:31:07 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/25 00:31:07 | 00,045,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/10/04 13:58:04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 20:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/18 14:53:54 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 10:53:41 | 00,098,984 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?gl=all"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.2009110501
FF - prefs.js..extensions.enabledItems: {a756d17a-5a4c-4417-813c-c8cd0151e486}:1.3.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:2.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.6
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.52
FF - prefs.js..extensions.enabledItems: {403304EE-066A-4a2a-8F41-F12028480A0A}:1.8.51


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/22 14:13:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/22 14:13:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 14:13:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/22 14:13:15 | 00,000,000 | ---D | M]

[2009/10/14 20:57:10 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Extensions
[2009/06/14 13:45:42 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2009/08/14 17:17:39 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Extensions\MediaCoder-Benchmark
[2009/10/14 20:57:10 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Extensions\MediaCoder-MCEX
[2009/08/14 17:18:01 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2009/12/01 11:13:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions
[2009/08/19 02:13:07 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/10/29 15:18:42 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2009/11/14 11:04:27 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/07/01 04:49:45 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/09/14 18:23:42 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0A}
[2009/11/12 18:30:33 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/08 09:06:41 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{777181b2-bbac-4e6b-9c3f-499d17029514}
[2009/11/06 02:08:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/06/14 11:29:52 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2009/10/01 06:24:59 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{a756d17a-5a4c-4417-813c-c8cd0151e486}
[2009/11/19 23:20:39 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/13 02:02:11 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/28 07:08:16 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/10/24 13:46:46 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/08/15 06:52:01 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/11/11 06:49:41 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/07/30 22:58:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/11/11 06:49:41 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/06/30 12:54:49 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/10/21 08:25:30 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\[email protected]
[2009/11/06 02:08:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Mozilla\Firefox\Profiles\641akj3l.default\extensions\yetanothersmoothscrolling@kataho
[2009/12/01 11:13:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/08 09:07:36 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (302817 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10437 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Lexmark X5400 Series Fax Server] C:\Program Files\Lexmark X5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKCU..\Run: [C:\aaFromOldPC\NetMeter\NetMeter.exe] C:\aaFromOldPC\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - Startup: C:\Users\Mark Zellinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DevMgr.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...s/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17586369-cc83-11de-8ad2-00219b1cc754}\Shell - "" = AutoRun
O33 - MountPoints2\{17586369-cc83-11de-8ad2-00219b1cc754}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{71e92a1a-1f0c-11de-b47a-00219b1cc754}\Shell - "" = AutoRun
O33 - MountPoints2\{71e92a1a-1f0c-11de-b47a-00219b1cc754}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\G:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 20:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/01 13:20:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/01 13:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/01 06:49:17 | 00,000,000 | ---D | C] -- C:\Program Files\GordianKnot
[2009/11/29 02:25:42 | 00,000,000 | ---D | C] -- C:\Users\Mark Zellinger\AppData\Roaming\Auslogics
[2009/11/29 02:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/11/29 02:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/11/25 07:38:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/23 20:14:07 | 00,000,000 | ---D | C] -- C:\Users\Mark Zellinger\Documents\iWisoft Video Converter
[2009/11/23 20:07:40 | 00,000,000 | ---D | C] -- C:\Users\Mark Zellinger\AppData\Roaming\Actecom
[2009/11/23 20:06:57 | 00,000,000 | ---D | C] -- C:\Users\Mark Zellinger\AppData\Local\WDSetup
[2009/11/22 14:13:00 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/22 14:13:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/11/22 10:06:20 | 00,000,000 | ---D | C] -- C:\Users\Mark Zellinger\AppData\Local\Womble
[2009/11/22 10:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Womble Multimedia
[2009/11/20 06:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2009/08/04 21:15:13 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark Zellinger\AppData\Roaming\pcouffin.sys
[2009/04/20 13:51:24 | 00,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2009/04/20 13:51:24 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2009/04/20 13:51:24 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2009/04/20 13:51:23 | 01,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2009/04/20 13:51:23 | 00,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2009/04/20 13:51:23 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2009/04/20 13:51:23 | 00,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2009/04/20 13:51:23 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2009/04/20 13:51:21 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2009/04/20 13:51:20 | 00,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2009/04/20 13:51:20 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll

========== Files - Modified Within 14 Days ==========

[2009/12/01 13:30:57 | 06,029,312 | ---- | M] () -- C:\Users\Mark Zellinger\ntuser.dat
[2009/12/01 13:20:03 | 00,000,695 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\NTREGOPT.lnk
[2009/12/01 13:20:03 | 00,000,676 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\ERUNT.lnk
[2009/12/01 13:14:57 | 03,754,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/01 13:14:57 | 01,200,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/01 13:14:57 | 00,005,082 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/01 13:08:31 | 00,192,842 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/12/01 13:08:29 | 00,192,842 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/01 13:08:21 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2009/12/01 13:08:14 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 13:08:13 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/01 13:08:08 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/01 13:07:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/01 13:06:41 | 00,524,288 | -HS- | M] () -- C:\Users\Mark Zellinger\ntuser.dat{e6c1a409-c8e7-11de-ac3c-00219b1cc754}.TMContainer00000000000000000001.regtrans-ms
[2009/12/01 13:06:41 | 00,065,536 | -HS- | M] () -- C:\Users\Mark Zellinger\ntuser.dat{e6c1a409-c8e7-11de-ac3c-00219b1cc754}.TM.blf
[2009/12/01 12:56:04 | 00,000,495 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\Temp - Shortcut.lnk
[2009/12/01 11:03:41 | 06,291,456 | -H-- | M] () -- C:\Users\Mark Zellinger\AppData\Local\IconCache.db
[2009/11/29 17:25:00 | 00,000,448 | ---- | M] () -- C:\Windows\tasks\BlackBeauty0529.job
[2009/11/29 17:23:00 | 00,000,362 | ---- | M] () -- C:\Windows\tasks\!BlackBeauty0529.job
[2009/11/29 02:25:40 | 00,000,903 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\SnglDfrg.lnk
[2009/11/28 06:44:21 | 00,074,240 | ---- | M] () -- C:\Users\Mark Zellinger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/26 16:05:22 | 00,000,160 | ---- | M] () -- C:\Users\Mark Zellinger\Documents\cc_20091126_160519.reg
[2009/11/20 10:09:34 | 00,000,658 | ---- | M] () -- C:\Users\Mark Zellinger\AppData\Roaming\AutoGK.ini
[2009/11/20 06:38:17 | 00,000,732 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2009/11/17 17:42:36 | 00,001,485 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\HowTo.lnk
[2009/11/17 17:39:29 | 00,000,961 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\VDub.lnk
[2009/11/17 17:35:04 | 00,000,917 | ---- | M] () -- C:\Users\Mark Zellinger\Desktop\DGIndex.lnk

========== Files Created - No Company Name ==========

[2009/12/01 13:20:03 | 00,000,695 | ---- | C] () -- C:\Users\Mark Zellinger\Desktop\NTREGOPT.lnk
[2009/12/01 13:20:03 | 00,000,676 | ---- | C] () -- C:\Users\Mark Zellinger\Desktop\ERUNT.lnk
[2009/12/01 12:56:04 | 00,000,495 | ---- | C] () -- C:\Users\Mark Zellinger\Desktop\Temp - Shortcut.lnk
[2009/11/26 16:05:20 | 00,000,160 | ---- | C] () -- C:\Users\Mark Zellinger\Documents\cc_20091126_160519.reg
[2009/11/20 06:38:17 | 00,000,732 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema.lnk
[2009/11/17 17:35:04 | 00,000,917 | ---- | C] () -- C:\Users\Mark Zellinger\Desktop\DGIndex.lnk
[2009/09/22 01:24:16 | 00,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/09/19 14:58:04 | 00,006,243 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/09/14 03:29:00 | 00,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/09/14 03:29:00 | 00,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/09/14 03:29:00 | 00,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/09/06 16:37:41 | 00,000,578 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\mainhst.zgh
[2009/08/14 10:09:46 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/12 05:51:16 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/12 05:51:16 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/08/10 08:39:39 | 00,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2009/08/04 21:15:13 | 00,081,920 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\ezpinst.exe
[2009/08/04 21:15:13 | 00,007,176 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\pcouffin.cat
[2009/08/04 21:15:13 | 00,001,144 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\pcouffin.inf
[2009/08/04 21:15:13 | 00,000,074 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\pcouffin.log
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/02 03:59:44 | 00,000,067 | ---- | C] () -- C:\Windows\Speed Video Converter.INI
[2009/08/01 14:24:07 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/08/01 14:24:05 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/07/30 04:57:01 | 00,106,496 | ---- | C] () -- C:\Windows\PreConvert.dll
[2009/07/04 03:33:49 | 00,000,658 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\AutoGK.ini
[2009/06/01 12:31:41 | 00,192,842 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/01 12:31:41 | 00,192,842 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/28 18:52:17 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009/05/28 18:51:34 | 00,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/27 04:53:03 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/28 16:19:21 | 00,026,340 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\UserTile.png
[2009/04/20 13:55:40 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdvcoin.dll
[2009/04/20 13:53:29 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXDVPMON.DLL
[2009/04/20 13:53:29 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXDVFXPU.DLL
[2009/04/20 13:53:09 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdvoem.dll
[2009/04/20 13:51:36 | 00,000,060 | ---- | C] () -- C:\Windows\System32\lxdvrwrd.ini
[2009/04/20 13:51:25 | 00,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2009/04/20 13:51:21 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2009/04/18 18:53:26 | 00,001,356 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Local\d3d9caps.dat
[2009/04/08 11:36:14 | 00,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009/04/08 11:26:44 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/03/21 00:52:48 | 00,000,379 | ---- | C] () -- C:\Windows\newsbot.ini
[2009/03/19 20:17:31 | 00,022,723 | ---- | C] () -- C:\Windows\System32\sugo3l3.dll
[2009/03/13 15:22:50 | 00,000,578 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\wklnhst.dat
[2009/03/11 19:54:01 | 00,076,407 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Roaming\Smiley.ico
[2009/03/08 06:23:06 | 00,074,240 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 16:37:03 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/02/26 16:37:03 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/02/26 16:37:03 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/02/26 16:37:03 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/02/05 12:28:20 | 00,000,051 | ---- | C] () -- C:\Users\Mark Zellinger\AppData\Local\setup.txt
[2007/09/06 10:40:36 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdvdrs.dll
[2007/08/10 09:49:54 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdvcaps.dll
[2007/07/16 07:53:09 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdvcnv4.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/31 19:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdvvs.dll
[2006/03/18 07:16:04 | 02,402,304 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006/02/25 05:12:34 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/02/25 05:09:38 | 00,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/15 16:54:04 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2009/08/07 01:22:00 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\4Media Software Studio
[2009/05/03 14:49:28 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Acoustica
[2009/09/22 03:43:00 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Acronis
[2009/11/23 20:07:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Actecom
[2009/08/16 16:18:11 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Any Video Converter
[2009/12/01 06:45:10 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Auslogics
[2009/10/03 20:37:37 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\avidemux
[2009/10/07 14:36:47 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Broad Intelligence
[2009/05/11 20:53:40 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Copernic
[2009/07/02 10:17:15 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Cuttermaran
[2009/07/31 16:45:10 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\dcunningham.net
[2009/11/10 20:10:19 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Desktopicon
[2009/05/01 08:13:48 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\FFSJ
[2009/03/11 07:48:37 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\FireShot
[2009/03/08 07:19:16 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Foxit
[2009/10/20 14:58:32 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Foxit Software
[2009/11/16 15:33:10 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\gAllMedia
[2009/03/21 00:37:19 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\GeoVid
[2009/08/19 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\GlarySoft
[2009/11/03 10:55:22 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Gui4Cli
[2009/05/07 12:23:05 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\IObit
[2009/08/19 02:13:04 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Leawo
[2009/11/15 20:18:31 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Lexmark Productivity Studio
[2009/07/02 11:02:46 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\MPEG Streamclip
[2009/12/01 11:04:46 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\NetMeter
[2009/10/07 12:27:46 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\OpenDNS Updater
[2009/03/09 09:24:57 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\OpenOffice.org
[2009/06/18 20:37:33 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\OxelonMC
[2009/03/11 02:28:54 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Rokario
[2009/10/08 12:41:43 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Safer Networking
[2009/05/15 23:29:34 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Seven Zip
[2009/11/26 16:14:12 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Software Informer
[2009/07/28 13:50:44 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Sony
[2009/07/24 11:30:41 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\STOIK
[2009/05/29 09:01:01 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\SystemRequirementsLab
[2009/04/12 16:00:52 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Template
[2009/11/14 08:35:48 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Thinstall
[2009/03/08 12:42:57 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Thunderbird
[2009/12/01 11:04:46 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\uTorrent
[2009/08/21 01:13:23 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\Vso
[2009/11/04 23:46:48 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\WinFF
[2009/08/02 03:57:05 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\WinMPG
[2009/04/20 14:03:30 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\X5400 Series
[2009/10/11 10:50:22 | 00,000,000 | ---D | M] -- C:\Users\Mark Zellinger\AppData\Roaming\ZipGenius
[2009/11/29 17:23:00 | 00,000,362 | ---- | M] () -- C:\Windows\Tasks\!BlackBeauty0529.job
[2009/11/29 17:25:00 | 00,000,448 | ---- | M] () -- C:\Windows\Tasks\BlackBeauty0529.job
[2009/12/01 13:08:21 | 00,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2009/12/01 13:06:45 | 00,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_int0800\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0000\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0100\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0200\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0800\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0a03\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0b00\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0c01\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0c02\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0c04\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0c0b\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\_pnp0c0c\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\acpi_fixedbutton\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\acpi_thermalzone\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\pci_cc_0601\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\root_mssmbios\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\root_rdp_kbd\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\root_rdp_mou\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\root_swenum\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Users\Mark Zellinger\Documents\My Drivers\System\root_volmgr\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 20:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/02/26 16:18:34 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/02/26 16:18:34 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Mark Zellinger\Documents\My Drivers\hdc\internal_ide_channel\atapi.sys
[2009/12/01 11:04:56 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 20:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/02/26 16:18:34 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 04:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 04:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 04:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 04:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 20:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 20:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 20:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8CE646EE
< End of report >

Attached Thumbnails

  • AVrprt.png
  • AVrprt2.png


#2 redbird14 (Topic Starter, New Member, 6 posts)
Additional Symptoms/Partial Fix

I mentioned that this trojan triggers Avira every 5-6 minutes by inserting a svchost.exe file into a folder, the name of which varies with each insertion. These folders reside in C:/Windows/Temp on my primary/system drive. The Temp sub-folder is not native. The trojan creates it. In addition to the folders, the Temp sub-folder contained about a dozen .tmp files labeled JETnnnn where nnnn is an apparently random 4-digit number. I was unable to delete these through normal means. However, through Process Explorer, I was able to get rid of them and then the entire Temp sub-folder. This stopped the trojan triggering Avira but did not stop the search engine redirection nor the opening of random pages in Firefox. Also, on a reboot, the Temp folder and the JETxxxx.tmp files reappeared. So on a reboot, I open up Process Explorer & get rid of them. This stops Avira from popping up every 5-6 minutes but nothing else.

I also searched my registry (using RegAlyzer, from the same folks who put SpyBot together) looking for any keys that were added from a week before this all started happening and I could find nothing. What keys it came up with were legitimate. I'm guessing the trojan can set any date it wants prior to the date it installed itself and given that, I don't know what to search for.

So the trojan is hiding out somewhere but I can't figure out where.

#3 redbird14 (Topic Starter, New Member, 6 posts)
Another clue possibly.

The trojan may be hiding out somewhere in one of the components (.dll, .exe) of my tuner card/pvr. I have a Hauppauge tuner card & use their software to schedule & record with. The TEMP folder mentioned in my previous post & the JETnnnn.tmp files are not only created at boot-up time but also when a scheduled recording launches. As with other instances, I can use Process Explorer to get rid of them. I didn't grab enough details of what exact process the .tmp files were associated with - I was too focused on getting rid of the JET files - but tomorrow, when the next scheduled recording launches, I will.

I'm reluctant to uninstall & reinstall the Hauppauge drivers & software. Their uninstall routine is flawed and subsequently the re-install process more often than not fails. It can take an entire weekend just to install one of their upgrades. But if this is what is needed to get rid of the trojan, I will do that. But I'd like to know that there's a good probability that will solve the trojan problem before attempting an uninstall/reinstall of the Hauppauge package.

I'm probably nitpicking but the 'nnnn' in the JETnnnn designator represents a hex # not a digit/decimal # as I previously indicated.