OTL logfile created on: 12/28/2009 1:23:32 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 19.68 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-175A68739A
Current User Name: owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\aclayers.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shimeng.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gupdate1c9b7f418cdc8d4) Google Update Service (gupdate1c9b7f418cdc8d4) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv32.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ========== DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.microsoft...p...&ar=msnhomeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.microsoft...p...ER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.search.msn...st/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://wowway.com/IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "
http://google.atcomet.com/b/"FF - prefs.js..extensions.enabledItems: avg@igeared:2.609.002.003
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems:
[email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 20:36:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 09:54:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2009/04/14 15:37:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2009/04/14 15:37:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/13 16:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\243xee2p.default\extensions
[2009/09/03 19:43:47 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\243xee2p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/28 18:32:40 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\243xee2p.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [Ad-Watch Live!] C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0470E62C-C97E-4317-81E5-0774D8CBF7B7}
http://www.gfi.com/e...ndPointScan.cab (EndPointScan Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://www.update.mi...b?1233068330721 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}
http://crucial.com/c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.233.214.34 64.233.214.41
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/27 09:23:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2009/12/28 13:16:39 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2009/12/28 10:02:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/28 10:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/12/28 00:46:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/12/28 00:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/12/28 00:44:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\Visual Studio 2008
[2009/12/28 00:44:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft Help
[2009/12/28 00:42:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/12/28 00:42:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/12/28 00:42:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/28 00:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/12/28 00:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/27 23:50:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/12/27 23:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Desktop\smitRem
[2009/12/27 23:29:02 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/27 23:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/12/26 21:04:22 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\TFC.exe
[2009/12/26 21:00:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\WebEndPointScan
[2009/12/26 00:58:10 | 00,000,000 | ---D | C] -- C:\aae7392f70e3e9d0d9744e
[2009/12/25 11:58:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/25 02:09:52 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/25 01:56:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/24 21:35:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/24 21:35:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/24 20:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2009/12/24 20:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/24 20:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/24 20:54:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/24 19:33:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/12/24 18:21:02 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/12/24 18:20:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/12/24 18:20:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/24 18:20:31 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2009/12/24 14:00:51 | 00,000,000 | ---D | C] -- C:\00944488c053e4e8f8
[2009/12/22 23:17:11 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/12/22 23:17:10 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/12/22 23:17:09 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/12/22 23:17:07 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/12/22 23:17:06 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/12/22 23:17:05 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/12/22 23:17:03 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/12/22 23:17:02 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/12/22 23:17:00 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/12/22 23:16:57 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/12/22 23:16:55 | 00,053,248 | ---- | C] (
http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/12/22 19:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/22 19:57:50 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/12/22 19:57:34 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/22 12:08:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\MySpace Design Package - RSV Designs
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/12/21 19:44:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/12/21 19:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/12/21 19:36:15 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/21 18:25:30 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/12/21 18:25:30 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/21 11:50:27 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/21 11:45:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/18 10:38:50 | 00,000,000 | ---D | C] -- C:\18622d123fe52b3726
[2009/12/18 10:29:54 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/12/17 12:23:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2009/12/17 12:23:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2009/12/16 14:32:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/16 12:37:11 | 00,000,000 | ---D | C] -- C:\282ad8db1680954f08
[2009/12/16 12:10:53 | 00,000,000 | ---D | C] -- C:\e0e6672381b0435872
[2009/12/15 17:33:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\owner\PrivacIE
[2009/12/10 14:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\acccore
[2009/12/10 14:51:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AIM
[2009/12/10 14:51:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AOL
[2009/12/10 14:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/10 14:51:00 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/12/04 23:11:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\owner\My Documents\WM_owner My Documents
[2009/12/04 23:09:17 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2009/12/04 13:01:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\owner\IETldCache
[2009/12/04 12:58:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/04 12:58:15 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/04 12:58:15 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/04 12:58:15 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/04 12:58:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/04 12:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/04 12:56:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/06 21:47:48 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D74ECA5172.sys
[2009/06/06 21:47:47 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/05/29 14:34:00 | 00,013,312 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/07 23:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/07 21:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/21 09:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/02 23:28:58 | 00,077,376 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\GDIPFONTCACHEV1.DAT
[2009/02/23 12:11:32 | 00,040,042 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2009/02/22 21:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/22 01:16:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/22 01:16:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/22 01:16:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/22 00:35:14 | 00,077,376 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/27 09:37:30 | 04,240,656 | -H-- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2009/01/27 09:29:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\owner\Application Data\desktop.ini
[2009/01/27 05:03:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2009/12/28 13:16:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\OTL.exe
[2009/12/28 13:04:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 13:04:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 13:04:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 13:04:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 13:04:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 12:52:06 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/28 12:47:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 12:46:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 12:45:30 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2009/12/28 12:45:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2009/12/28 12:45:16 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\IconCache.db
[2009/12/28 10:54:52 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 10:54:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 10:02:30 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/28 10:02:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/27 23:44:21 | 00,953,010 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Thank you for downloading Ad-Aware Free Anti-Malware from Download_com.mht
[2009/12/27 23:30:50 | 00,348,142 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Scan - ActiveScan 2_0.mht
[2009/12/27 23:26:56 | 00,383,836 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\smitRem.exe
[2009/12/26 21:04:26 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Desktop\TFC.exe
[2009/12/25 01:56:53 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\HijackThis.lnk
[2009/12/24 21:36:01 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/24 20:54:38 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/24 20:54:23 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2009/12/24 20:54:23 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2009/12/22 19:57:36 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\CCleaner.lnk
[2009/12/21 19:46:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 11:45:35 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/12/19 13:03:56 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/12/17 12:33:39 | 02,332,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/13 23:27:19 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\What is Christmas about.doc
[2009/12/13 23:27:18 | 00,040,042 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\wklnhst.dat
[2009/12/11 18:00:57 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2009/12/10 14:51:18 | 00,000,461 | -H-- | M] () -- C:\IPH.PH
[2009/12/10 14:51:07 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/09 22:37:51 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 22:37:51 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 22:37:50 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/05 04:22:13 | 00,072,704 | -H-- | M] () -- C:\Documents and Settings\owner\My Documents\photothumb.db
[2009/12/04 23:39:40 | 00,077,376 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/04 23:11:26 | 00,001,429 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\WM_owner My Documents.LNK
[2009/12/04 23:09:17 | 00,002,528 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\$_hpcst$.hpc
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 08:19:04 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/29 21:35:51 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\IMG SRC about this girl.doc
[1 C:\Documents and Settings\owner\My Documents\*.tmp files -> C:\Documents and Settings\owner\My Documents\*.tmp -> ]
========== Files Created - No Company Name ========== [2009/12/28 13:04:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2009/12/28 13:04:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2009/12/28 13:04:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2009/12/28 13:04:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2009/12/28 12:42:25 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/28 10:12:03 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/28 10:02:30 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/12/27 23:44:21 | 00,953,010 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Thank you for downloading Ad-Aware Free Anti-Malware from Download_com.mht
[2009/12/27 23:30:47 | 00,348,142 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Scan - ActiveScan 2_0.mht
[2009/12/27 23:26:11 | 00,383,836 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\smitRem.exe
[2009/12/25 01:56:53 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\HijackThis.lnk
[2009/12/24 21:36:01 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/24 20:54:38 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/12/24 20:54:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\NTREGOPT.lnk
[2009/12/24 20:54:23 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\ERUNT.lnk
[2009/12/22 23:17:04 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/12/22 23:17:00 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/12/22 23:16:59 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/12/22 19:57:36 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\CCleaner.lnk
[2009/12/21 23:04:53 | 00,017,635 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Picture 712.jpg
[2009/12/21 23:03:36 | 00,540,175 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Shaq(Lebron comment.jpg
[2009/12/21 22:53:36 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Daily Prayer Covering.doc
[2009/12/21 11:51:16 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/21 11:45:35 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/12/13 23:27:17 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\What is Christmas about.doc
[2009/12/11 18:00:57 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2009/12/10 14:51:07 | 00,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/10 14:50:20 | 00,000,461 | -H-- | C] () -- C:\IPH.PH
[2009/12/04 23:11:26 | 00,001,429 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\WM_owner My Documents.LNK
[2009/11/29 21:35:49 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\IMG SRC about this girl.doc
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/31 15:19:05 | 00,102,462 | ---- | C] () -- C:\WINDOWS\System32\DspFx.dll
[2009/03/04 01:06:54 | 00,000,016 | ---- | C] () -- C:\WINDOWS\System32\jgldog11.dll
[2009/02/22 14:22:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/22 00:03:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/08/04 05:00:00 | 00,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 00,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. >[2009/09/26 15:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/09/26 09:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/12/10 14:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/03/17 19:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/24 20:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/06 21:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/03/18 11:30:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/12/28 10:02:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/12/24 20:59:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/28 00:45:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/17 12:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2009/12/28 00:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/12/17 12:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/11 18:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/24 19:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/11/16 15:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/11/03 18:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/30 20:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/27 10:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/27 23:46:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/12/24 11:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/28 10:02:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >[2009/12/07 09:10:33 | 02,953,352 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
[2009/11/25 11:28:37 | 02,029,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe
[2009/11/25 11:28:42 | 03,514,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgui.exe
[2009/12/12 09:16:43 | 01,143,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgupd.exe
[2009/12/28 12:52:45 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2009/12/28 12:53:14 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2009/12/28 12:53:40 | 01,643,272 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2009/12/28 12:53:57 | 00,822,904 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2009/12/28 12:54:13 | 00,816,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2009/12/28 13:04:13 | 00,862,040 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009/03/18 16:55:46 | 00,607,472 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
< %APPDATA%\*. >[2009/12/10 14:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\acccore
[2009/12/24 19:51:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Adobe
[2009/03/21 08:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\alot
[2009/04/12 21:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Apple Computer
[2009/04/28 18:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\CometNetwork
[2009/06/06 21:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Corel
[2009/02/22 00:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\CyberLink
[2009/06/12 12:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\DivX
[2009/06/07 00:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Download Manager
[2009/03/09 11:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Elluminate
[2009/01/27 09:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Identities
[2009/02/22 02:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Juce VST Host
[2009/02/22 00:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Macromedia
[2009/12/24 20:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
[2009/12/28 00:45:04 | 00,000,000 | --SD | M] -- C:\Documents and Settings\owner\Application Data\Microsoft
[2009/04/14 15:37:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla
[2009/02/21 23:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Opera
[2009/11/16 15:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\skypePM
[2009/02/23 10:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Sun
[2009/11/03 18:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com
[2009/03/27 23:44:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Yahoo!
< %APPDATA%\*.exe /s >[2008/05/29 01:03:08 | 00,037,176 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
< %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS >[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >[2006/02/21 17:44:30 | 00,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\dell\iastor\iastor.sys
< MD5 for: NETLOGON.DLL >[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATABUS.SYS >[2006/03/16 19:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 19:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys
< MD5 for: SCECLI.DLL >[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < c:\$recycle.bin\*.* /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\owner\My Documents\REDhgf.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\owner\My Documents\RAINDROPSCOMBINED.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\owner\My Documents\Dominique Reyes.JPG:SummaryInformation
< End of report >