messenger virus refuses to die



#1
salsamac


    New Member

  • Member
  • 5 posts
Hi, I've downloaded dr. this; mrs that; kill this, spyware remover that, etc. and to no avail... the jpg virus still pops up on my contacts' computers.
I have AVG Free. Malwarebytes has lost its bite... any help appreciated, before I reformat... which I plan to do soon anyway, but I would like to clear this crap out first, so I can advise some of my contacts.
Tia
salsa
  • 0



#2
Elliot


    Retired Staff

  • Expert
  • 3,769 posts
Hello, salsamac!

Welcome to Geeks to Go! My name is Elster and I will be helping you fix your computer.

Please note that I am still in training, so there may be some delay between my responses. This is so that a resident expert may check my reply before I post back to you.

Also, please keep in mind that very rarely will a computer be "dis-infected" on the first sweep. The absence of symptoms does not mean that your computer is clean, so please stick with me until I give you the All Clear!

I recommend that you save and print each of my posts, as there will be times when you will not be able to be online to access them.


Step 1:

GMER

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system, click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 2:

OTL

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Under the Custom Scan box, paste in the following:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Step 3:

Reply

Please paste your GMER and OTL logs in your reply.

Thanks!

Elster

Edited by Elster, 25 April 2010 - 02:26 AM.

  • 0
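
A helper reading the OTL log requested in Step 2 can pre-sort it before going through it by hand. The following is an added example, not part of this thread and not OldTimer's code: a small Python triage pass over OTL-format lines, where the rule names, the heuristics and the sample lines (constructed, with placeholder paths and a documentation-range IP) are this example's own assumptions.

```python
"""Triage of OTL-style log lines: flag entries for manual review (heuristics, not verdicts)."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number within the log text
    rule: str      # short rule identifier (names are this example's own)
    detail: str    # the path, registry entry or setting that triggered the rule


# PRC/MOD/SRV/DRV lines: "[date | size | attrs | M] (Company) [state] -- path -- (service)"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)
# Firefox proxy preferences as OTL prints them from prefs.js
PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): "?(?P<value>[^"]*)"?$')
# Registry entries (O1..On, IE) that point at something no longer on disk
ORPHAN_RE = re.compile(r"^(?:O\d+|IE) - .*(?:File not found|No CLSID value found)")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
PROXY_HOST_KEYS = {"http", "ssl", "ftp", "socks"}

# Constructed sample in the OTL output format; none of these entries is from a real machine.
SAMPLE_LOG = r"""
PRC - [2010/04/20 14:45:32 | 002,064,736 | ---- | M] (Example Vendor, Inc.) -- C:\Program Files\Example\tray.exe
PRC - [2010/04/21 09:12:05 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Temp\upd.exe
SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Example\svc.exe -- (Example Service)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Example Vendor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4 - HKLM..\Run: [ExampleCheck] File not found
O4 - HKCU..\Run: [Example] C:\Program Files\Example\app.exe (Example Vendor, Inc.)
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.http: "192.0.2.10"
FF - prefs.js..network.proxy.http_port: 8080
""".strip()


def triage(log_text: str) -> List[Finding]:
    """Return the lines worth a closer look, in log order."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            # Empty "()" means the file carries no company name in its version info.
            if not m["company"].strip():
                findings.append(Finding(line_no, "no-company-name", m["path"]))
            # Running processes, services or drivers loaded from a Temp directory.
            if TEMP_RE.search(m["path"]):
                findings.append(Finding(line_no, "runs-from-temp", m["path"]))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding(line_no, "orphaned-reference", line))
            continue
        m = PROXY_RE.match(line)
        # A proxy host in prefs.js is only in use when network.proxy.type is 1,
        # so this is a prompt to check that preference, not proof of redirection.
        if m and m["key"] in PROXY_HOST_KEYS and m["value"].strip():
            findings.append(Finding(line_no, "browser-proxy-set", f'{m["key"]}={m["value"]}'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2}  {f.rule:<20} {f.detail}")
```

A flagged line is a prompt to look closer, not a verdict: many legitimate OEM utilities ship without a company name, and leftover registry entries are common after an uninstall.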

#3
salsamac


    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks for the reply. GMER took almost 20 hrs to complete, then it froze while saving. Let me know if I should run it again. Here are the logs:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 16:33:11
Windows 5.1.2600 Service Pack 3
Running: glvyiyvq.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwliyfob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEC73E320]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6E3F900]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs EB54D400

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 4/24/2010 2:59:02 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 44.85 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe
PRC - [2010/04/20 14:45:32 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 14:45:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 13:29:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/03/13 16:01:35 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 16:01:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
PRC - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/17 20:55:55 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/02/13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/09/29 16:56:52 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/09/29 16:56:52 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/09/29 16:56:30 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/09/29 16:56:08 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/14 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 01:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 01:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 20:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/10/14 18:33:26 | 000,024,576 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_avs.sys -- (ps_avs)
DRV - [2004/10/14 18:33:22 | 000,097,152 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_1394.sys -- (ps_1394)
DRV - [2004/09/02 18:51:08 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/19 17:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/10 16:55:11 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 18:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 18:05:06 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/12 16:48:08 | 000,036,480 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/07/12 16:48:02 | 000,330,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 13:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 16:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/22 02:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 18:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/12 20:05:58 | 000,017,497 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/06 21:39:32 | 000,049,792 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2003/11/06 21:39:18 | 000,004,992 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2003/11/06 21:39:16 | 000,015,872 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/08/13 18:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/04/23 18:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/23 04:24:48 | 000,169,088 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.bs/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.0.145
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "206.219.81.86"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 14:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/27 03:27:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/23 03:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/23 03:19:44 | 000,000,000 | ---D | M]

[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/04/22 03:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions
[2009/09/06 21:39:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 02:34:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/08 16:50:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 00:51:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/19 02:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\[email protected]
[2009/04/01 18:16:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\searchplugins\live-search.xml
[2010/04/22 22:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/09 12:23:00 | 000,073,728 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\Mozilla Firefox\plugins\npCID.dll

O1 HOSTS File: ([2010/04/20 16:01:04 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv3.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 20:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{68d40ab2-0a00-11df-a9f5-00038a000015}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/09 20:07:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010/04/22 12:43:16 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 12:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010/04/22 12:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2010/04/22 12:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2010/04/22 04:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/22 04:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/22 04:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/04/21 23:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\malware removal
[2010/04/21 20:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0
[2010/04/21 03:18:53 | 000,036,864 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\Owner\My Documents\blacks~1.scr.back
[2010/04/21 03:06:21 | 000,403,968 | ---- | C] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/04/20 15:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/04/20 15:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/20 15:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 15:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/20 15:23:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 15:08:20 | 000,126,976 | ---- | C] (T5Q) -- C:\WINDOWS\msnmls.exe
[2010/04/18 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fanta
[2010/04/18 01:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ken pics cam
[2010/04/15 22:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\alberta files
[2010/04/13 01:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/12 03:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\akakpo
[2010/04/11 23:20:47 | 006,724,848 | ---- | C] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/09 16:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ayere
[2010/03/30 03:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua
[2010/03/28 01:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Reallusion
[2010/03/28 01:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/03/28 01:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Reallusion
[2010/03/28 01:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion
[2010/03/28 01:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/03/28 01:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion
[2010/03/27 03:32:51 | 000,315,552 | ---- | C] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/27 02:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\emoticons
[2010/03/25 15:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\rose
[2010/03/23 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/03/23 15:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Nokia
[2010/03/23 15:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/23 15:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2010/03/23 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NokiaAccount
[2010/03/23 03:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/03/23 03:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/23 03:19:04 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/03/23 03:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/03/23 03:13:55 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/20 22:38:44 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/03/20 22:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0
[2010/03/11 03:58:09 | 000,000,000 | ---D | C] -- C:\b375ffe80ac140da364a2b7a
[2010/03/06 17:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Alia songs
[2010/03/03 05:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Songs for function
[2010/02/20 19:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/20 06:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ken pics
[2010/02/17 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\joyce kojo
[2010/02/13 22:14:46 | 018,848,592 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/13 00:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bellina
[2010/02/12 04:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/02/12 04:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2010/02/11 15:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Video
[2010/02/09 02:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/02/08 17:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
[2010/02/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2010/02/07 07:15:55 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2010/02/07 07:15:53 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2010/02/07 07:15:52 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll
[2010/02/07 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech
[2010/02/07 07:15:44 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax
[2010/02/07 07:15:44 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2010/02/07 07:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2010/02/06 22:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/06 22:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/02/02 18:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Masterwriter Backups
[2010/02/02 01:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Audio
[2010/01/25 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Capture
[2010/01/25 19:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
[2010/01/25 18:26:34 | 000,000,000 | ---D | C] -- C:\VxCapture
[2010/01/25 18:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\VxViewer
[2010/01/25 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\QSD004 PC ViewerV2.5.0
[2004/08/19 17:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/24 03:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/24 02:59:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/04/24 02:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job
[2010/04/24 02:53:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 02:53:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 02:53:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 19:04:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/23 19:04:01 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/22 13:07:40 | 000,188,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:46:24 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010/04/22 12:43:15 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 09:54:54 | 059,133,905 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/22 04:56:08 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:50 | 000,960,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/21 03:06:22 | 000,403,968 | ---- | M] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:00:09 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 14:58:34 | 000,126,976 | ---- | M] (T5Q) -- C:\WINDOWS\msnmls.exe
[2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/17 04:34:26 | 000,011,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/14 00:13:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 01:05:47 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 03:28:12 | 000,162,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/11 23:20:54 | 006,724,848 | ---- | M] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/06 21:48:22 | 000,001,411 | ---- | M] () -- C:\WINDOWS\ConSol.INI
[2010/04/06 21:47:55 | 000,000,520 | ---- | M] () -- C:\WINDOWS\netdet.ini
[2010/04/04 01:54:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/04/04 01:51:21 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
[2010/03/31 19:08:19 | 002,371,013 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:19:20 | 000,273,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 02:06:37 | 000,001,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 02:06:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 02:06:37 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/28 01:37:26 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/27 03:32:52 | 000,315,552 | ---- | M] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/23 03:34:33 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:13 | 004,156,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/18 15:18:55 | 000,012,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/16 19:18:11 | 004,950,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/03/14 22:59:47 | 000,654,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 22:59:47 | 000,186,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 22:59:47 | 000,005,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 16:01:34 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/20 05:04:19 | 000,001,159 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/13 22:15:12 | 018,848,592 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/12 04:11:01 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:37 | 014,087,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:28:05 | 015,945,361 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:18 | 000,011,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:13:28 | 000,011,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:28 | 000,021,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/02 02:33:18 | 003,228,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:17:22 | 003,030,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:39 | 003,219,785 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/01/30 05:26:30 | 000,006,635 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/29 14:39:48 | 033,575,316 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/25 19:26:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 13:07:40 | 000,188,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:44:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010/04/22 12:43:16 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010/04/22 04:56:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:48 | 000,960,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/20 16:00:09 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 04:34:26 | 000,011,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/12 03:28:10 | 000,162,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/04 01:54:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/03/31 19:07:57 | 002,371,013 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:18:44 | 000,273,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/28 01:37:26 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/23 03:34:27 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:09 | 004,156,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:12 | 000,012,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/18 15:17:59 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:17:56 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/16 19:18:03 | 004,950,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/02/20 05:04:19 | 000,001,159 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/12 04:22:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/12 04:11:01 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:27 | 014,087,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:25:32 | 015,945,361 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:42 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:08 | 000,011,627 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:12:58 | 000,011,237 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:25 | 000,021,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/07 07:15:55 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/02/07 07:15:44 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2010/02/02 02:47:59 | 003,228,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:47:59 | 003,030,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:34 | 003,219,785 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/02/02 01:42:14 | 000,761,604 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\K Talking 'Bout These Islands Jan 20 2010 ken mix.cwp
[2010/02/02 01:41:33 | 033,575,316 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/30 05:26:30 | 000,006,635 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/25 19:26:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk
[2009/12/18 15:19:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/12/18 15:19:20 | 000,001,411 | ---- | C] () -- C:\WINDOWS\ConSol.INI
[2008/01/23 09:26:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/01/23 09:26:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933~.sys
[2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933.sys
[2007/07/19 16:12:28 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/29 00:43:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2006/06/24 21:38:08 | 000,003,622 | ---- | C] () -- C:\WINDOWS\TWE.INI
[2006/03/09 01:32:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/12/14 14:32:05 | 000,011,857 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2005/12/01 02:39:17 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Winzip32.ini
[2005/10/10 11:07:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/31 14:27:51 | 000,000,657 | ---- | C] () -- C:\WINDOWS\SQ01.INI
[2005/06/15 01:36:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/15 01:34:54 | 000,000,548 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 11:22:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/19 17:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/08/16 16:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/10 18:37:33 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/10 18:35:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/10 18:35:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/10 18:35:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/10 18:35:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/10 18:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/10 18:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/08/10 16:57:26 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/10 16:57:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/10 16:57:26 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/10 16:57:26 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/10 16:34:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/10 16:23:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/09 20:37:33 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/09 20:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 20:12:23 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 20:04:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 19:32:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/13 02:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/04/22 01:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/03/02 13:34:50 | 001,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2001/03/02 13:34:50 | 001,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/03/02 13:34:50 | 001,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/03/02 13:34:50 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/03/02 13:34:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2001/03/02 13:34:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== LOP Check ==========

[2006/06/25 02:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2007/09/29 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/12/19 03:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/02 23:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/29 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2006/05/06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/10/02 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MasterWriter 2.0
[2010/04/22 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2004/08/10 17:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/03/23 03:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/09/29 17:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2006/01/16 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2004/08/10 17:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2005/08/06 13:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2010/01/08 23:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Carnival Software
[2010/02/09 02:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2005/12/18 01:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileMaker
[2006/05/09 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FireBox Mixer
[2006/01/27 03:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Firetrust
[2009/05/08 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2010/01/09 06:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2004/08/10 18:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/08/16 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/04/13 01:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/04 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/04/03 21:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2010/03/23 15:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/02/12 04:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/03/23 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006/01/16 20:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008/04/14 23:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2004/08/10 18:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2005/12/06 01:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Video DVD Maker FREE
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Mechanics
[2010/04/24 03:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/24 02:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 12:58:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 12:58:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 12:58:00 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


OTL Extras logfile created on: 4/24/2010 2:59:02 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 44.85 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21:TCP" = 21:TCP:192.168.0.6/255.255.255.255:Enabled:nofeelftp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\MasterWriter 2.0\jre6\bin\java.exe" = C:\Program Files\MasterWriter 2.0\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Owner\Desktop\alberta files\photo200410-jpg-www-facebook-com.scr" = C:\Documents and Settings\Owner\Desktop\alberta files\photo200410-jpg-www-facebook-com.scr:*:Enabled:Userinit -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A21BED943}" = Video DVD Maker Free v1.3.0.31
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3DF6425C-27C8-4B05-A943-588417AF947C}" = MovieDV 4.0
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.13 PRO Trial
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76891D7A-8525-11D7-A362-000476CE4CF1}" = YAMAHA Voice Editor for MOTIF ES6/7/8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{826C3E36-A1C6-4183-B220-34A113E0CE9F}" = SiteSpinner
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FECAE1F-796E-4C1F-AAAF-F75481013C92}" = YAMAHA Audio Mixer
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{93704527-BBB4-4E2E-863C-942BCE48FEA7}" = YAMAHA SQ01 Ver.2.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A65A46CB-F8D7-4C08-94BA-5EA2A7F757E6}" = TWE
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}" = Caricature Studio Green 3.6
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACE8349C-17B2-4527-8D46-EA584E81F0CA}" = MP3 Player Product Tools
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B57A0ED6-7A79-4568-8A49-8C3863375A4F}" = FriendFinder Messenger v3.0
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C34E19B2-F4D4-4C1F-A565-BA92627178D8}" = Sony Media Manager 2.0
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = KWC-101
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC53BB56-FBB5-47BE-B342-E43CC83C0ECF}" = Sony Vegas 6.0c
"{DE0FB40A-D291-4983-88BC-5C316B38B857}" = Sony Vegas 4.0e
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E78C5AC1-4580-4465-9318-0A1B597973E0}" = SiteSpinner V2.7
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ares" = Ares 2.0.9
"ASIO4ALL v2" = ASIO4ALL v2
"AT&T Connection Services Software" = AT&T Connection Services Manager
"ATI Display Driver" = ATI Display Driver
"AtomixMP3 v2.3 Trial" = AtomixMP3 v2.3 Trial
"AVG9Uninstall" = AVG Free 9.0
"BackgammonMasters_is1" = BackgammonMasters Client
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"DreamStation DXi2" = DreamStation DXi2
"dvdSanta 3.43 - Create Your Own DVD Movies!_is1" = dvdSanta 3.43
"EzButton" = Easy Button
"Firetrust Benign_is1" = Firetrust Benign 1.41
"FLV Player" = FLV Player 2.0, build 24
"Forte Agent" = Forté Agent
"Free Download Manager_is1" = Free Download Manager 2.1 - Free Downloads Center Edition
"HijackThis" = HijackThis 1.99.1
"hp print screen utility" = hp print screen utility
"ICEOWS" = Iceows V4.20b
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"InstallShield_{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MailWasher Free_is1" = MailWasher Free
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterWriter" = MasterWriter
"MasterWriter 2.0" = MasterWriter 2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixxx" = Mixxx
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NetXfer (Multilingual)_is1" = NetXfer 1.99.300
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notebook_Maximizer" = Notebook Maximizer
"PalTalk8.2" = PaltalkScene
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup" = PreSonus 1394 Audio Driver V1.20.0 (FIREBox)
"RealPlayer 6.0" = RealPlayer
"Serv-U_is1" = Serv-U 6.4
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SONAR 4 Producer Edition" = SONAR 4 Producer Edition
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TOSHIBA Access" = TOSHIBA Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Ultra_Surface_Concrete_Systems_1.0" = Ultra Surface Concrete Systems 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vx4SLPlayer_is1" = Vx4SLPlayer 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zulu" = Zulu DJ Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 2:00:00 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/20/2010 5:04:54 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/21/2010 2:29:23 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/21/2010 3:13:16 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application msn virus remover.exe, version 4.36.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011129.

Error - 4/21/2010 3:21:36 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application msn virus remover.exe, version 4.36.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.

Error - 4/21/2010 3:21:40 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1001
Description = Fault bucket 1795073542.

Error - 4/21/2010 4:54:18 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 5:46:56 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 2:21:28 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 10:33:30 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 4/22/2010 12:25:23 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 5:47:17 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 12:33:13 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 12:34:20 PM | Computer Name = TOSHIBA-USER | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 00025084, parameter3
00000001, parameter4 00000000.

Error - 4/22/2010 2:21:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 10:33:42 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 11:06:58 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 4/23/2010 6:41:47 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/23/2010 6:42:42 PM | Computer Name = TOSHIBA-USER | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
00000000, parameter4 804fa9ea.

Error - 4/24/2010 2:53:40 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >
  • 0

#4
Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Hi Tia!


Step 1:

OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
    [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
    [2010/04/20 15:08:20 | 000,126,976 | ---- | C] (T5Q) -- C:\WINDOWS\msnmls.exe
    [2010/03/11 03:58:09 | 000,000,000 | ---D | C] -- C:\b375ffe80ac140da364a2b7a
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2010/04/22 12:46:24 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx
    [2010/04/13 01:05:47 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933~.sys
    [2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933.sys
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post a new OTL log

Step 2:

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Step 3:

Reply

Things I need to see in your reply:
  • OTL log
  • Contents of C:\ComboFix.txt
  • How is your computer running now?
Thanks!

Elster
  • 0

#5
salsamac

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi, had some problems along the way: ComboFix froze and I had to reboot. When I restarted the computer and tried to run it again, it said I should download again because it had been compromised by some file virus... name virut or something like that.
So I re-downloaded and ran it. Here are the two apps' results:

OTL logfile created on: 4/24/2010 2:59:02 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 44.85 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe
PRC - [2010/04/20 14:45:32 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/20 14:45:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 13:29:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/03/13 16:01:35 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 16:01:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
PRC - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/17 20:55:55 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/02/13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/09/29 16:56:52 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/09/29 16:56:52 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/09/29 16:56:30 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/09/29 16:56:08 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/14 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 01:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 01:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 20:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/10/14 18:33:26 | 000,024,576 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_avs.sys -- (ps_avs)
DRV - [2004/10/14 18:33:22 | 000,097,152 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_1394.sys -- (ps_1394)
DRV - [2004/09/02 18:51:08 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/19 17:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/10 16:55:11 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 18:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 18:05:06 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/12 16:48:08 | 000,036,480 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/07/12 16:48:02 | 000,330,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 13:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 16:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/22 02:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 18:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/12 20:05:58 | 000,017,497 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/06 21:39:32 | 000,049,792 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2003/11/06 21:39:18 | 000,004,992 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2003/11/06 21:39:16 | 000,015,872 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/08/13 18:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/04/23 18:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/23 04:24:48 | 000,169,088 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.bs/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.0.145
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "206.219.81.86"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 14:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/27 03:27:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/23 03:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/23 03:19:44 | 000,000,000 | ---D | M]

[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/04/22 03:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions
[2009/09/06 21:39:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 02:34:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/08 16:50:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 00:51:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/19 02:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\[email protected]
[2009/04/01 18:16:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\searchplugins\live-search.xml
[2010/04/22 22:40:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/09 12:23:00 | 000,073,728 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\Mozilla Firefox\plugins\npCID.dll

O1 HOSTS File: ([2010/04/20 16:01:04 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv3.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 20:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{68d40ab2-0a00-11df-a9f5-00038a000015}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/09 20:07:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/04/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010/04/22 12:43:16 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 12:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010/04/22 12:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2010/04/22 12:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2010/04/22 04:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/22 04:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/22 04:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/04/21 23:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\malware removal
[2010/04/21 20:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0
[2010/04/21 03:18:53 | 000,036,864 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\Owner\My Documents\blacks~1.scr.back
[2010/04/21 03:06:21 | 000,403,968 | ---- | C] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/04/20 15:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/04/20 15:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/20 15:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 15:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/20 15:23:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 15:08:20 | 000,126,976 | ---- | C] (T5Q) -- C:\WINDOWS\msnmls.exe
[2010/04/18 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fanta
[2010/04/18 01:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ken pics cam
[2010/04/15 22:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\alberta files
[2010/04/13 01:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/12 03:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\akakpo
[2010/04/11 23:20:47 | 006,724,848 | ---- | C] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/09 16:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ayere
[2010/03/30 03:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua
[2010/03/28 01:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Reallusion
[2010/03/28 01:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/03/28 01:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Reallusion
[2010/03/28 01:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion
[2010/03/28 01:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/03/28 01:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion
[2010/03/27 03:32:51 | 000,315,552 | ---- | C] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/27 02:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\emoticons
[2010/03/25 15:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\rose
[2010/03/23 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/03/23 15:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Nokia
[2010/03/23 15:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/23 15:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2010/03/23 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NokiaAccount
[2010/03/23 03:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/03/23 03:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/23 03:19:04 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/03/23 03:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/03/23 03:13:55 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/20 22:38:44 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/03/20 22:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0
[2010/03/11 03:58:09 | 000,000,000 | ---D | C] -- C:\b375ffe80ac140da364a2b7a
[2010/03/06 17:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Alia songs
[2010/03/03 05:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Songs for function
[2010/02/20 19:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/20 06:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ken pics
[2010/02/17 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\joyce kojo
[2010/02/13 22:14:46 | 018,848,592 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/13 00:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bellina
[2010/02/12 04:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/02/12 04:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2010/02/11 15:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Video
[2010/02/09 02:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/02/08 17:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
[2010/02/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2010/02/07 07:15:55 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2010/02/07 07:15:53 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2010/02/07 07:15:52 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll
[2010/02/07 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech
[2010/02/07 07:15:44 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax
[2010/02/07 07:15:44 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2010/02/07 07:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2010/02/06 22:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/06 22:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/02/02 18:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Masterwriter Backups
[2010/02/02 01:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Audio
[2010/01/25 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Capture
[2010/01/25 19:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
[2010/01/25 18:26:34 | 000,000,000 | ---D | C] -- C:\VxCapture
[2010/01/25 18:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\VxViewer
[2010/01/25 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\QSD004 PC ViewerV2.5.0
[2004/08/19 17:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/24 03:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/24 02:59:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/04/24 02:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job
[2010/04/24 02:53:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 02:53:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 02:53:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 19:04:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/23 19:04:01 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/22 13:07:40 | 000,188,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:46:24 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010/04/22 12:43:15 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 09:54:54 | 059,133,905 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/22 04:56:08 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:50 | 000,960,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/21 03:06:22 | 000,403,968 | ---- | M] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:00:09 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 14:58:34 | 000,126,976 | ---- | M] (T5Q) -- C:\WINDOWS\msnmls.exe
[2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/17 04:34:26 | 000,011,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/14 00:13:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 01:05:47 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 03:28:12 | 000,162,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/11 23:20:54 | 006,724,848 | ---- | M] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/06 21:48:22 | 000,001,411 | ---- | M] () -- C:\WINDOWS\ConSol.INI
[2010/04/06 21:47:55 | 000,000,520 | ---- | M] () -- C:\WINDOWS\netdet.ini
[2010/04/04 01:54:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/04/04 01:51:21 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
[2010/03/31 19:08:19 | 002,371,013 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:19:20 | 000,273,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 02:06:37 | 000,001,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 02:06:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 02:06:37 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/28 01:37:26 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/27 03:32:52 | 000,315,552 | ---- | M] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/23 03:34:33 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:13 | 004,156,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/18 15:18:55 | 000,012,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/16 19:18:11 | 004,950,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/03/14 22:59:47 | 000,654,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 22:59:47 | 000,186,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 22:59:47 | 000,005,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 16:01:34 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/20 05:04:19 | 000,001,159 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/13 22:15:12 | 018,848,592 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/12 04:11:01 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:37 | 014,087,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:28:05 | 015,945,361 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:18 | 000,011,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:13:28 | 000,011,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:28 | 000,021,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/02 02:33:18 | 003,228,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:17:22 | 003,030,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:39 | 003,219,785 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/01/30 05:26:30 | 000,006,635 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/29 14:39:48 | 033,575,316 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/25 19:26:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 13:07:40 | 000,188,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:44:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010/04/22 12:43:16 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010/04/22 04:56:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:48 | 000,960,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/20 16:00:09 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 04:34:26 | 000,011,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/12 03:28:10 | 000,162,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/04 01:54:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/03/31 19:07:57 | 002,371,013 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:18:44 | 000,273,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/28 01:37:26 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/23 03:34:27 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:09 | 004,156,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:12 | 000,012,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/18 15:17:59 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:17:56 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/16 19:18:03 | 004,950,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/02/20 05:04:19 | 000,001,159 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/12 04:22:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/12 04:11:01 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:27 | 014,087,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:25:32 | 015,945,361 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:42 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:08 | 000,011,627 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:12:58 | 000,011,237 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:25 | 000,021,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/07 07:15:55 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/02/07 07:15:44 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2010/02/02 02:47:59 | 003,228,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:47:59 | 003,030,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:34 | 003,219,785 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/02/02 01:42:14 | 000,761,604 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\K Talking 'Bout These Islands Jan 20 2010 ken mix.cwp
[2010/02/02 01:41:33 | 033,575,316 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/30 05:26:30 | 000,006,635 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/25 19:26:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk
[2009/12/18 15:19:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/12/18 15:19:20 | 000,001,411 | ---- | C] () -- C:\WINDOWS\ConSol.INI
[2008/01/23 09:26:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/01/23 09:26:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933~.sys
[2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933.sys
[2007/07/19 16:12:28 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/29 00:43:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2006/06/24 21:38:08 | 000,003,622 | ---- | C] () -- C:\WINDOWS\TWE.INI
[2006/03/09 01:32:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/12/14 14:32:05 | 000,011,857 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2005/12/01 02:39:17 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Winzip32.ini
[2005/10/10 11:07:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/31 14:27:51 | 000,000,657 | ---- | C] () -- C:\WINDOWS\SQ01.INI
[2005/06/15 01:36:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/15 01:34:54 | 000,000,548 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 11:22:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/19 17:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/08/16 16:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/10 18:37:33 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/10 18:35:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/10 18:35:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/10 18:35:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/10 18:35:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/10 18:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/10 18:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/08/10 16:57:26 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/10 16:57:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/10 16:57:26 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/10 16:57:26 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/10 16:34:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/10 16:23:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/09 20:37:33 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/09 20:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 20:12:23 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 20:04:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 19:32:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/13 02:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/04/22 01:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/03/02 13:34:50 | 001,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2001/03/02 13:34:50 | 001,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/03/02 13:34:50 | 001,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/03/02 13:34:50 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/03/02 13:34:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2001/03/02 13:34:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== LOP Check ==========

[2006/06/25 02:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2007/09/29 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/12/19 03:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/02 23:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/29 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2006/05/06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/10/02 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MasterWriter 2.0
[2010/04/22 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2004/08/10 17:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/03/23 03:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/09/29 17:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2006/01/16 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2004/08/10 17:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2005/08/06 13:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2010/01/08 23:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Carnival Software
[2010/02/09 02:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2005/12/18 01:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileMaker
[2006/05/09 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FireBox Mixer
[2006/01/27 03:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Firetrust
[2009/05/08 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2010/01/09 06:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2004/08/10 18:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/08/16 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/04/13 01:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/04 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/04/03 21:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2010/03/23 15:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/02/12 04:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/03/23 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006/01/16 20:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008/04/14 23:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2004/08/10 18:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2005/12/06 01:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Video DVD Maker FREE
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Mechanics
[2010/04/24 03:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/24 02:56:47 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/08 04:55:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 12:58:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 12:58:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 12:58:00 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


OTL Extras logfile created on: 4/24/2010 2:59:02 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 44.85 Gb Free Space | 48.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"21:TCP" = 21:TCP:192.168.0.6/255.255.255.255:Enabled:nofeelftp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\MasterWriter 2.0\jre6\bin\java.exe" = C:\Program Files\MasterWriter 2.0\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Owner\Desktop\alberta files\photo200410-jpg-www-facebook-com.scr" = C:\Documents and Settings\Owner\Desktop\alberta files\photo200410-jpg-www-facebook-com.scr:*:Enabled:Userinit -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A21BED943}" = Video DVD Maker Free v1.3.0.31
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3DF6425C-27C8-4B05-A943-588417AF947C}" = MovieDV 4.0
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.13 PRO Trial
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76891D7A-8525-11D7-A362-000476CE4CF1}" = YAMAHA Voice Editor for MOTIF ES6/7/8
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{826C3E36-A1C6-4183-B220-34A113E0CE9F}" = SiteSpinner
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FECAE1F-796E-4C1F-AAAF-F75481013C92}" = YAMAHA Audio Mixer
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{93704527-BBB4-4E2E-863C-942BCE48FEA7}" = YAMAHA SQ01 Ver.2.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A65A46CB-F8D7-4C08-94BA-5EA2A7F757E6}" = TWE
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}" = Caricature Studio Green 3.6
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACE8349C-17B2-4527-8D46-EA584E81F0CA}" = MP3 Player Product Tools
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B57A0ED6-7A79-4568-8A49-8C3863375A4F}" = FriendFinder Messenger v3.0
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C34E19B2-F4D4-4C1F-A565-BA92627178D8}" = Sony Media Manager 2.0
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = KWC-101
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC53BB56-FBB5-47BE-B342-E43CC83C0ECF}" = Sony Vegas 6.0c
"{DE0FB40A-D291-4983-88BC-5C316B38B857}" = Sony Vegas 4.0e
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E78C5AC1-4580-4465-9318-0A1B597973E0}" = SiteSpinner V2.7
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Ares" = Ares 2.0.9
"ASIO4ALL v2" = ASIO4ALL v2
"AT&T Connection Services Software" = AT&T Connection Services Manager
"ATI Display Driver" = ATI Display Driver
"AtomixMP3 v2.3 Trial" = AtomixMP3 v2.3 Trial
"AVG9Uninstall" = AVG Free 9.0
"BackgammonMasters_is1" = BackgammonMasters Client
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"DreamStation DXi2" = DreamStation DXi2
"dvdSanta 3.43 - Create Your Own DVD Movies!_is1" = dvdSanta 3.43
"EzButton" = Easy Button
"Firetrust Benign_is1" = Firetrust Benign 1.41
"FLV Player" = FLV Player 2.0, build 24
"Forte Agent" = Forté Agent
"Free Download Manager_is1" = Free Download Manager 2.1 - Free Downloads Center Edition
"HijackThis" = HijackThis 1.99.1
"hp print screen utility" = hp print screen utility
"ICEOWS" = Iceows V4.20b
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"InstallShield_{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MailWasher Free_is1" = MailWasher Free
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MasterWriter" = MasterWriter
"MasterWriter 2.0" = MasterWriter 2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixxx" = Mixxx
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NetXfer (Multilingual)_is1" = NetXfer 1.99.300
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notebook_Maximizer" = Notebook Maximizer
"PalTalk8.2" = PaltalkScene
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Port Magic" = Pure Networks Port Magic
"PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup" = PreSonus 1394 Audio Driver V1.20.0 (FIREBox)
"RealPlayer 6.0" = RealPlayer
"Serv-U_is1" = Serv-U 6.4
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SONAR 4 Producer Edition" = SONAR 4 Producer Edition
"SONAR 5 Producer Edition" = SONAR 5 Producer Edition
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TOSHIBA Access" = TOSHIBA Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"Ultra_Surface_Concrete_Systems_1.0" = Ultra Surface Concrete Systems 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Vx4SLPlayer_is1" = Vx4SLPlayer 1.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zulu" = Zulu DJ Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 2:00:00 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/20/2010 5:04:54 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/21/2010 2:29:23 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/21/2010 3:13:16 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application msn virus remover.exe, version 4.36.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011129.

Error - 4/21/2010 3:21:36 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1000
Description = Faulting application msn virus remover.exe, version 4.36.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.

Error - 4/21/2010 3:21:40 AM | Computer Name = TOSHIBA-USER | Source = Application Error | ID = 1001
Description = Fault bucket 1795073542.

Error - 4/21/2010 4:54:18 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 5:46:56 AM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 2:21:28 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 4/22/2010 10:33:30 PM | Computer Name = TOSHIBA-USER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 4/22/2010 12:25:23 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 5:47:17 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 12:33:13 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 12:34:20 PM | Computer Name = TOSHIBA-USER | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 00025084, parameter3
00000001, parameter4 00000000.

Error - 4/22/2010 2:21:41 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 10:33:42 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/22/2010 11:06:58 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 4/23/2010 6:41:47 PM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 4/23/2010 6:42:42 PM | Computer Name = TOSHIBA-USER | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
00000000, parameter4 804fa9ea.

Error - 4/24/2010 2:53:40 AM | Computer Name = TOSHIBA-USER | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >



ComboFix 10-04-21.01 - Owner 04/25/2010 1:38.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.295 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix2.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.txt
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3140416192-3415037583-14666274-1003
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-03-25 to 2010-04-25 )))))))))))))))))))))))))))))))
.

2010-04-24 20:52 . 2010-04-24 20:55 -------- d-----w- C:\SMCLpav
2010-04-24 20:28 . 2010-04-24 20:28 -------- d-----w- C:\_OTL
2010-04-22 17:11 . 2010-04-22 17:11 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2010-04-22 16:43 . 2010-04-22 16:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-04-22 16:43 . 2010-04-22 16:43 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-04-22 16:43 . 2010-04-22 16:43 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-04-22 16:43 . 2008-04-14 00:12 135680 ----a-w- c:\windows\system32\T.COM
2010-04-22 16:43 . 2008-04-14 00:12 146432 ----a-w- c:\windows\R.COM
2010-04-22 16:43 . 2010-04-22 16:43 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-04-22 16:42 . 2010-04-22 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2010-04-22 16:37 . 2010-04-22 16:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager
2010-04-22 08:57 . 2010-04-22 08:57 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-22 08:57 . 2010-04-22 08:57 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-22 08:56 . 2010-04-22 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-22 08:55 . 2010-04-22 08:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-22 08:55 . 2010-04-22 08:55 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-20 20:01 . 2010-04-20 20:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-04-20 20:00 . 2010-04-20 20:00 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe
2010-04-20 20:00 . 2010-04-20 20:00 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe
2010-04-20 20:00 . 2010-04-20 20:00 -------- d-----w- C:\sh4ldr
2010-04-20 20:00 . 2010-04-20 20:00 -------- d-----w- c:\program files\Enigma Software Group
2010-04-20 19:23 . 2010-04-20 19:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-04-20 19:23 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 19:23 . 2010-04-20 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-20 19:23 . 2010-04-20 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 19:23 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 18:46 . 2010-04-20 18:46 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 18:43 . 2010-04-20 18:43 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-14 06:34 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-14 06:34 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-14 06:34 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-14 06:34 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-13 05:06 . 2010-04-13 05:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-04-07 17:46 . 2010-04-07 17:46 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-02 17:31 . 2010-04-02 17:31 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-02 17:31 . 2010-04-02 17:31 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-02 17:31 . 2010-04-02 17:31 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-02 17:31 . 2010-04-02 17:31 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-02 17:31 . 2010-04-02 17:31 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-02 17:31 . 2010-04-02 17:31 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-02 17:31 . 2010-04-02 17:31 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-02 17:31 . 2010-04-02 17:31 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-02 17:31 . 2010-04-02 17:31 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-02 17:31 . 2010-04-02 17:31 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-02 17:31 . 2010-04-02 17:31 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-02 17:29 . 2010-04-02 17:29 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-28 05:38 . 2010-03-28 05:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Reallusion
2010-03-28 05:36 . 2008-05-30 18:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-03-28 05:35 . 2010-03-28 05:35 -------- d-----w- c:\windows\Logs
2010-03-28 05:34 . 2010-03-28 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Reallusion
2010-03-28 05:31 . 2010-03-28 05:34 -------- d-----w- c:\program files\Common Files\Reallusion
2010-03-28 05:31 . 2010-03-28 05:32 -------- d-----w- c:\program files\Reallusion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 20:52 . 2004-08-10 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 09:43 . 2009-07-09 06:45 -------- d-----w- c:\program files\Mixxx
2010-04-22 09:43 . 2005-09-08 18:12 -------- d-----w- c:\program files\ASIO4ALL v2
2010-04-22 08:54 . 2006-01-30 09:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-20 20:14 . 2005-09-06 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-20 18:45 . 2008-09-18 01:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-04 14:10 . 2008-04-20 22:30 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-04 05:54 . 2008-04-20 22:11 -------- d-----w- c:\program files\LimeWire
2010-04-04 01:33 . 2006-01-21 23:42 -------- d-----w- c:\documents and settings\Owner\Application Data\MailWasherPro
2010-03-23 19:34 . 2010-03-23 19:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Nokia
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Suite
2010-03-23 07:26 . 2010-03-23 07:22 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-23 07:19 . 2010-03-23 07:10 -------- d-----w- c:\program files\Nokia
2010-03-23 07:19 . 2010-03-23 07:19 -------- d-----w- c:\program files\DIFX
2010-03-23 07:16 . 2010-03-23 07:16 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-23 07:11 . 2010-03-23 07:11 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-23 07:11 . 2010-03-23 07:11 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-23 07:11 . 2010-03-23 07:11 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-23 07:11 . 2010-03-23 07:11 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-23 07:11 . 2010-03-23 07:11 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-23 07:11 . 2010-03-23 07:11 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-23 07:10 . 2010-03-23 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-03-23 07:09 . 2010-03-23 07:10 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_11_update.exe
2010-03-21 02:39 . 2010-03-21 02:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-03-21 02:39 . 2010-03-21 02:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-03-21 02:37 . 2010-03-21 02:37 -------- d-----w- c:\program files\Motorola
2010-03-21 02:37 . 2010-03-21 02:37 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-03-13 20:01 . 2008-09-18 01:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 20:01 . 2008-09-18 01:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 20:01 . 2008-09-18 01:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2004-08-09 23:28 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-09 23:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-09 23:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 21:12 . 2010-02-18 21:12 2131336 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-02-16 14:08 . 2004-08-03 23:18 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 02:23 . 2010-02-14 02:23 225280 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
2010-02-14 02:23 . 2010-02-14 02:23 20992 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
2010-02-14 02:23 . 2010-02-14 02:23 19968 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
2010-02-14 02:23 . 2010-02-14 02:23 8192 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-02-14 02:23 . 2010-02-14 02:23 20480 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-02-14 02:23 . 2010-02-14 02:23 20480 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-02-14 02:23 . 2010-02-14 02:23 18944 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-02-14 02:23 . 2010-02-14 02:23 17408 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2010-02-12 04:33 . 2004-08-09 23:26 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-09 23:28 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-09 06:05 . 2010-02-09 06:05 50354 -c--a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
2003-08-27 21:19 . 2004-08-10 21:31 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
1996-12-02 23:44 . 1996-12-02 23:44 582144 -c--a-w- c:\program files\Common Files\dao350.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 20:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 06:55 140568 -c--a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 07:02 905056 -c--a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-02-20 22:00 88363 -c--a-w- c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2003-10-30 23:46 192512 -c--a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-04-22 04:10 335872 -c--a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
2004-06-14 12:00 638976 -c--a-w- c:\program files\Toshiba\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
2004-08-20 01:14 135168 -c--a-w- c:\program files\Toshiba\Power Management\CePMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 23:37 229437 -c--a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-01-14 05:05 122939 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton]
2004-05-14 17:29 712704 -c--a-w- c:\program files\EzButton\EzButton.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FIREBOX]
2005-01-28 22:04 1003520 -c--a-w- c:\program files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
2007-07-03 14:31 2254162 -c--a-w- c:\program files\FriendFinder\FriendFinder Messenger 30\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2007-12-10 20:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-25 01:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
2004-05-25 21:35 28672 -c--a-w- c:\program files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-10 20:55 323584 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
2004-02-03 21:47 1089589 -c--a-w- c:\program files\Toshiba\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
2003-10-20 16:39 159744 -c--a-w- c:\toshiba\Ivp\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-02-20 00:48 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2003-09-05 10:24 65536 -c--a-w- c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
2004-03-15 03:17 53248 -c--a-w- c:\program files\Toshiba\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 06:52 2595480 -c--a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MasterWriter 2.0\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21:TCP"= 21:TCP:192.168.0.6/255.255.255.255:Enabled:nofeelftp

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/17/2008 9:00 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/17/2008 9:01 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/2/2009 11:37 PM 308064]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [3/20/2010 10:38 PM 91392]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [3/24/2010 6:48 PM 323992]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S1 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [9/19/2008 2:45 PM 15872]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [9/19/2008 2:45 PM 49792]
S2 mrtRate;mrtRate; [x]
S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [9/19/2008 2:45 PM 4992]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2/7/2010 7:15 AM 618112]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [5/6/2006 9:19 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [5/6/2006 9:19 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2010-04-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]

2010-04-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-10 01:38]

2010-04-25 c:\windows\Tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = ftp://24.231.36.86/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.bs/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SmcService - c:\progra~1\Sygate\SPF\smc.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
AddRemove-HijackThis - c:\documents and settings\Owner\Desktop\Trojan removers\Trojan remover\hijackthis\HijackThis.exe
AddRemove-Mixxx - c:\program files\Mixxx\uninstall.exe
AddRemove-PreSonus 1394 Audio Driver V1.20.0 (FIREBox) Setup - c:\program files\PreSonus\1394AudioDriver_FIREBox\uninst.exe Software\PreSonus\1394AudioDriver_FIREBox\Setup



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 01:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\xgusb.cpl
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\xgusb.cpl
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-04-25 01:51:02
ComboFix-quarantined-files.txt 2010-04-25 05:51

Pre-Run: 48,846,426,112 bytes free
Post-Run: 48,806,928,384 bytes free

- - End Of File - - 51D4E23DCF674214A6D5C675F7760236

#6
Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Hi!

Could you please run another Quick Scan in OTL and paste that log? The log you just posted was the same as your first run.

Thanks!

Elster

#7
salsamac

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry about that, I did do the scan but thought I had saved it there.
Here is the new one, I hope :-)

OTL logfile created on: 4/25/2010 5:18:27 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop\malware removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 45.46 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe
PRC - [2010/04/20 14:45:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/02 13:29:35 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/03/13 16:01:35 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 16:01:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
PRC - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/04/22 23:03:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\malware removal\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/03/13 16:01:24 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2004/07/07 18:16:24 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/23 08:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 19:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 17:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/04/07 15:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/17 20:55:55 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/02/13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/09/29 16:56:52 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/09/29 16:56:52 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/09/29 16:56:30 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/09/29 16:56:08 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2005/01/14 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/01/14 01:05:00 | 000,099,098 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/01/14 01:05:00 | 000,087,706 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/01/14 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/01/14 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/01/14 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/01/14 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/01/14 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/01/14 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/23 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/22 20:45:36 | 000,393,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/10/14 18:33:26 | 000,024,576 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_avs.sys -- (ps_avs)
DRV - [2004/10/14 18:33:22 | 000,097,152 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_1394.sys -- (ps_1394)
DRV - [2004/09/02 18:51:08 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/19 17:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/10 16:55:11 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 18:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 18:05:06 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 18:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/12 16:48:08 | 000,036,480 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/07/12 16:48:02 | 000,330,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 13:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 16:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/08 23:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/22 02:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 18:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 13:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/12 20:05:58 | 000,017,497 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/06 21:39:32 | 000,049,792 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxser.sys -- (oxser)
DRV - [2003/11/06 21:39:18 | 000,004,992 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oxmfuf.sys -- (Oxmfuf)
DRV - [2003/11/06 21:39:16 | 000,015,872 | ---- | M] (OEM) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oxmf.sys -- (oxmf)
DRV - [2003/10/22 23:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/09/19 18:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 03:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/08/13 18:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/04/23 18:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/23 04:24:48 | 000,169,088 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2003/01/10 19:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.bs/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.0.145
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.http: "206.219.81.86"
FF - prefs.js..network.proxy.http_port: 8080


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/20 14:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/27 03:27:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/23 03:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 15:14:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/23 03:19:44 | 000,000,000 | ---D | M]

[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/01 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/04/24 03:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions
[2009/09/06 21:39:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 02:34:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/08 16:50:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/13 00:51:13 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/19 02:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\extensions\[email protected]
[2009/04/01 18:16:40 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vg2usm6p.default\searchplugins\live-search.xml
[2010/04/25 17:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/03/09 12:23:00 | 000,073,728 | ---- | M] (Sobonito Investment LTD) -- C:\Program Files\Mozilla Firefox\plugins\npCID.dll

O1 HOSTS File: ([2010/04/20 16:01:04 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll ()
O2 - BHO: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Paltalk Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/02/08 16:49:52 | 000,000,000 | ---D | M]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (ActiveScan Installer Class)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv3.view22....p/view22rte.cab (View22RTE Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 20:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/24 17:00:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/24 16:52:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/24 16:52:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/24 16:52:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/24 16:52:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/24 16:52:02 | 000,000,000 | ---D | C] -- C:\SMCLpav
[2010/04/24 16:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/24 16:40:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/24 16:28:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/22 13:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/04/22 12:43:16 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 12:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010/04/22 12:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2010/04/22 12:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Download Manager
[2010/04/22 04:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/22 04:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/22 04:55:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/04/21 23:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\malware removal
[2010/04/21 20:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0
[2010/04/21 03:18:53 | 000,036,864 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\Documents and Settings\Owner\My Documents\blacks~1.scr.back
[2010/04/21 03:06:21 | 000,403,968 | ---- | C] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/04/20 16:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/04/20 15:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/04/20 15:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/20 15:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/20 15:23:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/18 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\fanta
[2010/04/18 01:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ken pics cam
[2010/04/15 22:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\alberta files
[2010/04/13 01:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/12 03:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\akakpo
[2010/04/11 23:20:47 | 006,724,848 | ---- | C] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/09 16:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ayere
[2010/03/30 03:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua
[2010/03/28 01:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Reallusion
[2010/03/28 01:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/03/28 01:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Reallusion
[2010/03/28 01:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Reallusion
[2010/03/28 01:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010/03/28 01:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reallusion
[2010/03/27 03:32:51 | 000,315,552 | ---- | C] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/27 02:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\emoticons
[2010/03/25 15:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\rose
[2010/03/23 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/03/23 15:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Nokia
[2010/03/23 15:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/23 15:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2010/03/23 15:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NokiaAccount
[2010/03/23 03:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/03/23 03:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/03/23 03:19:04 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/03/23 03:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/03/23 03:13:55 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 03:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/03/20 22:38:44 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/03/20 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/03/20 22:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0
[2010/03/06 17:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Alia songs
[2010/03/03 05:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Songs for function
[2010/02/20 19:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/20 06:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ken pics
[2010/02/17 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\joyce kojo
[2010/02/13 22:14:46 | 018,848,592 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/13 00:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Bellina
[2010/02/12 04:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/02/12 04:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene
[2010/02/12 04:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2010/02/11 15:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Video
[2010/02/09 02:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/02/08 17:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
[2010/02/08 16:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2010/02/07 07:15:55 | 000,048,128 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\Remove.exe
[2010/02/07 07:15:53 | 000,618,112 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\drivers\PFC027.SYS
[2010/02/07 07:15:52 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\CoInst_080213.dll
[2010/02/07 07:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Aecotech
[2010/02/07 07:15:44 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\System32\SP207.ax
[2010/02/07 07:15:44 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\System32\P207USD.dll
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt
[2010/02/07 07:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PAC207
[2010/02/07 07:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2010/02/06 22:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/02/06 22:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/02/02 18:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Masterwriter Backups
[2010/02/02 01:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Audio
[2010/01/25 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Capture
[2010/01/25 19:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Updater5
[2010/01/25 18:26:34 | 000,000,000 | ---D | C] -- C:\VxCapture
[2010/01/25 18:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\VxViewer
[2010/01/25 18:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\QSD004 PC ViewerV2.5.0
[2004/08/19 17:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll

========== Files - Modified Within 90 Days ==========

[2010/04/25 17:24:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/04/25 17:23:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job
[2010/04/25 17:01:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/25 16:55:35 | 059,268,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/25 16:49:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/25 16:48:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 16:48:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 03:44:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/25 03:44:01 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/04/25 01:47:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/25 01:35:23 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix2.exe
[2010/04/24 17:00:15 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/24 16:51:22 | 000,734,872 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UNINSTALLER_10.exe
[2010/04/24 16:39:01 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/22 13:07:40 | 000,188,090 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:43:15 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010/04/22 04:56:08 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:50 | 000,960,528 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/21 03:06:22 | 000,403,968 | ---- | M] (MSNVirusRemoval.com - Macka's Software) -- C:\Documents and Settings\Owner\Desktop\MSN Virus Remover.exe
[2010/04/20 16:00:09 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 14:45:24 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/17 04:34:26 | 000,011,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/14 00:13:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 03:28:12 | 000,162,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/11 23:20:54 | 006,724,848 | ---- | M] (Discordia Limited.) -- C:\Documents and Settings\Owner\Desktop\BandooV5.exe
[2010/04/06 21:48:22 | 000,001,411 | ---- | M] () -- C:\WINDOWS\ConSol.INI
[2010/04/06 21:47:55 | 000,000,520 | ---- | M] () -- C:\WINDOWS\netdet.ini
[2010/04/04 01:54:35 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/04/04 01:51:21 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin.exe
[2010/03/31 19:08:19 | 002,371,013 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:19:20 | 000,273,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 02:06:37 | 000,001,000 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 02:06:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/28 01:37:26 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/27 03:32:52 | 000,315,552 | ---- | M] (Thesycon GmbH) -- C:\Documents and Settings\Owner\Desktop\dpclat.exe
[2010/03/23 03:34:33 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:13 | 004,156,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:18:55 | 000,013,327 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/18 15:18:55 | 000,012,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/16 19:18:11 | 004,950,965 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/03/14 22:59:47 | 000,654,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 22:59:47 | 000,186,526 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 22:59:47 | 000,005,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 16:01:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 16:01:34 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 16:01:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/02/20 05:04:19 | 000,001,159 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/13 22:15:12 | 018,848,592 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\Owner\Desktop\LimeWireWin feb 13 2010.exe
[2010/02/12 04:11:01 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:37 | 014,087,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:28:05 | 015,945,361 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:18 | 000,011,627 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:13:28 | 000,011,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:28 | 000,021,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/02 02:33:18 | 003,228,315 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:17:22 | 003,030,621 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:39 | 003,219,785 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/01/30 05:26:30 | 000,006,635 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/29 14:39:48 | 033,575,316 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/25 19:26:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk

========== Files Created - No Company Name ==========

[2010/04/25 01:35:23 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix2.exe
[2010/04/24 17:00:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/24 17:00:05 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/24 16:52:21 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/24 16:52:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/24 16:52:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/24 16:52:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/24 16:52:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/24 16:51:22 | 000,734,872 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\UNINSTALLER_10.exe
[2010/04/24 16:39:01 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/04/22 13:07:40 | 000,188,090 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pinfect.zip
[2010/04/22 12:43:16 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010/04/22 04:56:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/21 20:52:48 | 000,960,528 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\x86Release 3.190.0.0.zip
[2010/04/20 16:00:09 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpyHunter.lnk
[2010/04/20 15:23:15 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 04:34:26 | 000,011,471 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle 2.JPG
[2010/04/17 04:33:05 | 000,139,671 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\edwige belle.JPG
[2010/04/12 03:28:10 | 000,162,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\0411223211.wmv
[2010/04/04 01:54:35 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LimeWire 5.5.8.lnk
[2010/03/31 19:07:57 | 002,371,013 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Evian.wm
[2010/03/30 03:18:44 | 000,273,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shark attack in Antigua.zip
[2010/03/28 01:37:26 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CrazyTalk v6.13 PRO Trial.lnk
[2010/03/23 03:34:27 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2010/03/20 22:39:16 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/03/20 22:39:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/03/20 22:35:09 | 004,156,478 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\USB_Drivers_32_bit_4.5.0.zip
[2010/03/18 15:18:12 | 000,012,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 003.jpg
[2010/03/18 15:17:59 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 002.jpg
[2010/03/18 15:17:56 | 000,013,327 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\schematic pics 001.jpg
[2010/03/16 19:18:03 | 004,950,965 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Trumpet_MIDI_Files.zip
[2010/02/20 05:04:19 | 000,001,159 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tes.rtf
[2010/02/18 17:18:14 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/12 04:22:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/12 04:11:01 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Upgrade to Paltalk Extreme.lnk
[2010/02/12 04:10:58 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PaltalkScene.lnk
[2010/02/12 04:09:27 | 014,087,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pal_install_r17716.exe
[2010/02/12 03:25:32 | 015,945,361 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OSwebisode05-JustLikeBarry.mp4
[2010/02/12 03:20:42 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stpmotcon1.doc
[2010/02/10 19:15:08 | 000,011,627 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1 001.jpg
[2010/02/10 19:12:58 | 000,011,237 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ken 1.jpg
[2010/02/10 00:08:25 | 000,021,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1483766.jpg
[2010/02/08 16:48:42 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/02/07 07:15:55 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/02/07 07:15:44 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2010/02/02 02:47:59 | 003,228,315 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\In Our Dreams.mp3
[2010/02/02 02:47:59 | 003,030,621 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Talkin' 'Bout These Islands.mp3
[2010/02/02 01:57:34 | 003,219,785 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\phantasmoloco+inourdreams.mp3
[2010/02/02 01:42:14 | 000,761,604 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\K Talking 'Bout These Islands Jan 20 2010 ken mix.cwp
[2010/02/02 01:41:33 | 033,575,316 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\These Islands boost+eq jan 29 2010 cd.wav
[2010/01/30 05:26:30 | 000,006,635 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MasterWriter.backup.2010-01-30_04-26-29_906.zip
[2010/01/25 19:26:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/01/25 18:24:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Vx4SLPlayer.lnk
[2009/12/18 15:19:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/12/18 15:19:20 | 000,001,411 | ---- | C] () -- C:\WINDOWS\ConSol.INI
[2008/01/23 09:26:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/01/23 09:26:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2007/07/19 16:12:28 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/29 00:43:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2006/06/24 21:38:08 | 000,003,622 | ---- | C] () -- C:\WINDOWS\TWE.INI
[2006/03/09 01:32:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/12/14 14:32:05 | 000,011,857 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2005/12/01 02:39:17 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Winzip32.ini
[2005/10/10 11:07:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/31 14:27:51 | 000,000,657 | ---- | C] () -- C:\WINDOWS\SQ01.INI
[2005/06/15 01:36:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/15 01:34:54 | 000,000,548 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/11 11:22:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/19 17:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/08/16 16:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/10 18:37:33 | 000,000,948 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/10 18:35:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/10 18:35:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/10 18:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/10 18:35:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/10 18:35:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/10 18:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/10 18:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/08/10 16:57:26 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/10 16:57:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/10 16:57:26 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/10 16:57:26 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/10 16:34:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/10 16:23:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/09 20:37:33 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/09 20:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 20:12:23 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 20:04:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 19:32:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/13 02:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/04/22 01:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2001/03/02 13:34:50 | 001,642,496 | ---- | C] () -- C:\WINDOWS\System32\mplva6.dll
[2001/03/02 13:34:50 | 001,576,960 | ---- | C] () -- C:\WINDOWS\System32\mplvw7.dll
[2001/03/02 13:34:50 | 001,548,288 | ---- | C] () -- C:\WINDOWS\System32\mplvm6.dll
[2001/03/02 13:34:50 | 001,118,208 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2001/03/02 13:34:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\mplapx.dll
[2001/03/02 13:34:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== LOP Check ==========

[2006/06/25 02:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4D
[2007/09/29 16:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/12/19 03:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/02 23:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/09/29 17:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2006/05/06 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/10/02 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MasterWriter 2.0
[2010/04/22 12:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MicroWorld
[2004/08/10 17:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/03/23 03:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/03/23 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/09/29 17:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2006/01/16 20:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2004/08/10 17:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2005/08/06 13:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2010/01/08 23:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Carnival Software
[2010/02/09 02:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2005/12/18 01:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileMaker
[2006/05/09 20:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FireBox Mixer
[2006/01/27 03:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Firetrust
[2009/05/08 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2010/01/09 06:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2004/08/10 18:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2004/08/16 16:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/04/13 01:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/04 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/04/03 21:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NetMedia Providers
[2010/03/23 15:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
[2010/02/12 04:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paltalk
[2010/03/23 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/12/05 21:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2006/01/16 20:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008/04/14 23:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2004/08/10 18:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2005/12/06 01:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Video DVD Maker FREE
[2006/08/15 01:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Mechanics
[2010/04/25 17:01:03 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/25 17:23:11 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E934C008-C44B-462B-AAAD-979E3A052C9E}.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) >

< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL

< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe


< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe


< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE


< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe


< [2010/04/22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe >
Invalid Switch: 22 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe


< [2010/04/20 15:08:20 | 000,126,976 | ---- | C] (T5Q) -- C:\WINDOWS\msnmls.exe >
Invalid Switch: 20 15:08:20 | 000,126,976 | ---- | C] (T5Q) -- C:\WINDOWS\msnmls.exe


< [2010/03/11 03:58:09 | 000,000,000 | ---D | C] -- C:\b375ffe80ac140da364a2b7a >
Invalid Switch: 11 03:58:09 | 000,000,000 | ---D | C] -- C:\b375ffe80ac140da364a2b7a


< [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >

< [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [2010/04/22 12:46:24 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx >
Invalid Switch: 22 12:46:24 | 000,000,056 | ---- | M] () -- C:\WINDOWS\Lic.xxx


< [2010/04/13 01:05:47 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 13 01:05:47 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


< [2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933~.sys >
Invalid Switch: 19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933~.sys


< [2007/08/19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933.sys >
Invalid Switch: 19 17:48:26 | 000,000,291 | ---- | C] () -- C:\WINDOWS\data7933.sys


< >

< :Services >

< >

< :Reg >

< >

< :Files >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [Reboot] >

< End of report >

#8
Elliot

Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Hi Tia!


it had been compromised by some file virus..name virut or something like that.

Let's hope not, but we'll check and see.


Step 1:

ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2:

VirusTotal
  • Please go to VirusTotal
  • Click in the text box underneath Upload a File and browse for the following file:


    C:\Windows\explorer.exe

  • Click on Send File (do not close your browser)
  • Once it has finished scanning, paste the results here.
Repeat the process with the following files:


C:\Windows\System32\smss.exe
C:\Windows\System32\svchost.exe



Step 3:

Reply

Things I need to see in your reply:
  • Contents of C:\ComboFix.txt
  • VirusTotal results
Thanks!

Elster

#9
salsamac

salsamac

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry for the delay, just an update... I ran AV and it found c:otl.. infected by a variant virus.. and cleaned it.. I will still run the tests as soon as I can.. thanks

#10
Elliot

Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Thanks for the update!

Elster





