Is it a malware?


#1 archive13 (New Member, 3 posts)
Hello, I'm a new guy here. I've got a problem with my PC: it seems my internet connection is slower than it was, and there is also a problem when I install a program, specifically a game, which I can't install because there's an error that stops it, or it will not respond all of a sudden, and my Firefox crashes all of a sudden. Then I thought it's a malware or something. I got Malwarebytes and it detected a Security Hijack yesterday, then I removed it. I also got AVG Internet Security and ran a full scan, and it detected 7 Security Hijacks, but my internet is still slowed down and I can't install a program on my system. Please help me, guys. Thanks in advance.

Here's my MBAM log from yesterday's scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/21/2010 4:42:27 AM
mbam-log-2010-05-21 (04-42-27).txt

Scan type: Quick scan
Objects scanned: 124110
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
===================================================================

Here's my OTL log just now:
OTL logfile created on: 5/22/2010 4:32:06 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vongola\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 23.52 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 26.67 Gb Free Space | 54.63% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 47.61 Gb Free Space | 97.51% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 38.57 Gb Free Space | 98.73% Space Free | Partition Type: NTFS
Drive G: | 57.10 Gb Total Space | 46.94 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 71.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAPPY-5479203B2
Current User Name: Vongola
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/22 04:07:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vongola\My Documents\Downloads\OTL.exe
PRC - [2010/05/22 03:43:49 | 001,038,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/05/21 06:47:27 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/21 06:47:27 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/21 06:47:27 | 000,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/21 06:47:22 | 002,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/21 06:47:21 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/21 06:47:21 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/21 06:47:21 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/21 06:47:18 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/05/21 06:47:17 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/05/01 23:20:17 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/26 10:13:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/25 01:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- E:\Program Files\FlashGet\flashget.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/22 04:07:50 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vongola\My Documents\Downloads\OTL.exe
MOD - [2007/05/18 09:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- E:\Program Files\FlashGet\fgmgr.dll
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/21 06:47:21 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/21 06:47:17 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/04 15:41:00 | 003,482,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/21 06:47:49 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/05/21 06:47:48 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/21 06:47:48 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/21 06:47:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/21 06:47:39 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/21 06:47:21 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/05/21 06:47:20 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/05/21 06:47:18 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/20 19:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/12 23:09:56 | 000,204,160 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/03/08 23:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.36.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/05/21 06:47:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/11 12:22:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/20 14:51:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/12/02 23:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Extensions
[2010/05/20 23:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Firefox\Profiles\zv46tpk9.default\extensions
[2010/05/20 14:58:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Firefox\Profiles\zv46tpk9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/27 23:51:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Firefox\Profiles\zv46tpk9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/03 21:01:40 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Firefox\Profiles\zv46tpk9.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/02/13 16:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\Mozilla\Firefox\Profiles\zv46tpk9.default\extensions\[email protected]
[2010/05/20 23:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 19:47:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/10/19 19:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/09 18:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/05/20 17:34:24 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Flashget] E:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Vongola\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Vongola\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.8.224.39 202.8.224.36
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Vongola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vongola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/02 23:33:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/29 13:36:29 | 000,000,045 | RH-- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0722b348-f262-11de-925a-0019db4c6717}\Shell\AutoRun\command - "" = H:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{0722b348-f262-11de-925a-0019db4c6717}\Shell\explore\command - "" = H:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{0722b348-f262-11de-925a-0019db4c6717}\Shell\open\command - "" = H:\winampxml\winxml.exe -- File not found
O33 - MountPoints2\{0fbc164a-64de-11df-935a-0019db4c6717}\Shell - "" = AutoRun
O33 - MountPoints2\{0fbc164a-64de-11df-935a-0019db4c6717}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0fbc164a-64de-11df-935a-0019db4c6717}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e1f22a47-df7d-11de-b1da-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1f22a47-df7d-11de-b1da-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1f22a47-df7d-11de-b1da-806d6172696f}\Shell\AutoRun\command - "" = I:\Launch.exe -- [2005/03/31 15:10:41 | 006,533,102 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/02 13:19:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/22 03:21:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vongola\Recent
[2010/05/21 07:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\URSoft
[2010/05/21 07:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2010/05/21 06:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/21 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\My Documents\Simply Super Software
[2010/05/21 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\Simply Super Software
[2010/05/21 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/21 06:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2010/05/21 06:47:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/21 06:47:49 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/05/21 06:47:49 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/21 06:47:48 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/21 06:47:48 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/05/21 06:47:43 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/21 06:47:39 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/21 06:47:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/21 06:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/21 06:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/21 02:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\Malwarebytes
[2010/05/21 02:24:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/21 02:24:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/21 02:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/21 01:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/20 14:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/20 14:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/20 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Local Settings\Application Data\Temp
[2010/05/20 14:49:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/15 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Local Settings\Application Data\PMB Files
[2010/05/11 05:40:49 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/05/07 00:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\My Documents\DVDVideoSoft
[2010/05/07 00:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/05/05 23:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\My Documents\New Folder
[2010/05/03 06:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Desktop\finish
[2010/05/02 08:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\vlc
[2010/05/01 23:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Local Settings\Application Data\Google
[2010/04/27 23:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\dwhelper
[2010/04/23 10:28:50 | 000,000,000 | ---D | C] -- C:\Ruby2
[2010/04/23 09:16:41 | 000,000,000 | ---D | C] -- C:\xampp
[2010/04/23 06:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\My Documents\Aptana RadRails Workspace
[2010/04/23 05:35:35 | 000,000,000 | ---D | C] -- C:\Ruby
[2010/04/23 05:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Aptana Rubles
[2010/04/23 05:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\My Documents\Aptana Studio 3 Workspace
[2010/04/23 05:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Aptana
[2010/04/07 07:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Local Settings\Application Data\Identities
[2010/04/02 11:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\FlashgetSetup
[2010/04/02 11:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\Application Data\FlashGet
[2010/03/31 13:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/31 13:17:00 | 000,426,704 | ---- | C] (True Games Interactive) -- C:\WINDOWS\System32\uc_wepic_launching.dll
[2010/03/25 22:58:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/06 15:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vongola\bluej
[2010/03/06 14:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/06 14:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/06 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/02/22 21:26:00 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\uc_neosteam_launching.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/22 04:27:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vongola\Local Settings\Application Data\prvlcl.dat
[2010/05/22 04:25:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-725345543-1004UA.job
[2010/05/22 03:57:15 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/22 03:57:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/22 03:57:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/22 03:37:30 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/22 03:37:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 03:37:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 03:36:14 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\Vongola\ntuser.dat
[2010/05/22 03:14:43 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\CCleaner.lnk
[2010/05/22 02:33:51 | 000,000,096 | -H-- | M] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/05/21 07:12:31 | 000,043,320 | ---- | M] () -- C:\Documents and Settings\Vongola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 06:57:04 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2010/05/21 06:47:49 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/05/21 06:47:49 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/21 06:47:49 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/21 06:47:48 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/21 06:47:48 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/05/21 06:47:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/21 06:47:39 | 043,363,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/21 06:47:39 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/21 06:47:39 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/21 06:47:34 | 000,040,749 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/05/21 06:47:33 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/21 06:47:33 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/21 02:24:31 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/21 01:20:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\HijackThis.lnk
[2010/05/20 17:34:24 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 17:16:27 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 17:16:27 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 17:16:27 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 12:33:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/20 12:33:38 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 02:17:39 | 003,686,818 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\tae.wav
[2010/05/17 01:14:14 | 000,129,463 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\airliner07_1269088643_72988_me2photo.jpg
[2010/05/14 08:42:07 | 000,035,392 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\13318_412468234663_115619474663_5337943_6323439_n.jpg
[2010/05/14 08:40:44 | 000,018,350 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\13318_412468134663_115619474663_5337928_6264981_n.jpg
[2010/05/12 23:25:06 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-725345543-1004Core.job
[2010/05/11 12:29:20 | 000,000,020 | ---- | M] () -- C:\WINDOWS\GKLauncherInfo.ini
[2010/05/11 05:39:21 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\FlashGet.lnk
[2010/05/08 08:22:30 | 000,046,586 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\s2.jpg
[2010/05/07 00:52:29 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Vongola\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 00:08:55 | 000,073,900 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\aa.jpg
[2010/05/05 23:35:02 | 000,079,239 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a15.jpg
[2010/05/05 23:34:56 | 000,068,807 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a14.jpg
[2010/05/05 23:34:50 | 000,062,750 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a13.jpg
[2010/05/05 23:34:44 | 000,079,411 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a`11.jpg
[2010/05/05 23:34:37 | 000,071,568 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a12.jpg
[2010/05/05 23:34:29 | 000,078,186 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a9.jpg
[2010/05/05 23:34:15 | 000,052,289 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a8.jpg
[2010/05/05 23:33:59 | 000,096,712 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a7.jpg
[2010/05/05 23:33:51 | 000,081,731 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a6.jpg
[2010/05/05 23:33:36 | 000,093,308 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a5.jpg
[2010/05/05 23:33:29 | 000,076,909 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a4.jpg
[2010/05/05 23:33:22 | 000,109,401 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a3.jpg
[2010/05/05 23:33:12 | 000,092,251 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a2.jpg
[2010/05/05 23:33:00 | 000,076,808 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a1'.jpg
[2010/05/05 23:12:08 | 000,462,906 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\2x2 ysa.bmp
[2010/05/05 23:11:48 | 000,224,256 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\2MA Perez,Alleysa B.-1.doc
[2010/05/05 22:55:53 | 000,050,106 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say9.jpg
[2010/05/05 22:55:44 | 000,050,355 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say8.jpg
[2010/05/05 22:55:33 | 000,043,521 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say7.jpg
[2010/05/05 22:55:22 | 000,046,288 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say6.jpg
[2010/05/05 22:54:49 | 000,028,072 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say5.jpg
[2010/05/05 22:51:05 | 000,035,998 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say4.jpg
[2010/05/05 22:45:31 | 000,036,455 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say3.jpg
[2010/05/05 22:45:08 | 000,040,537 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say2.jpg
[2010/05/05 22:44:50 | 000,036,333 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\say.jpg
[2010/05/03 05:31:50 | 001,122,512 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\finish.7z
[2010/05/02 08:42:13 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/01 23:22:42 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\Google Chrome.lnk
[2010/04/30 20:16:57 | 000,034,047 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\n1493005977_30032555_3344.jpg
[2010/04/30 11:47:33 | 000,493,649 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\025377.jpg
[2010/04/30 11:46:17 | 000,231,776 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Yoona_with_newChocolate_by_browneyedfairy23.jpg
[2010/04/30 11:45:54 | 000,766,802 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Yoona_wallpaper_01_by_Clamy_san.jpg
[2010/04/30 07:45:23 | 000,111,258 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\girls-generation-chocolate-phone-yoona.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 22:53:56 | 000,261,582 | ---- | M] () -- C:\Documents and Settings\Vongola\.fastri-index
[2010/04/23 09:20:22 | 000,001,404 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\XAMPP Control Panel.lnk
[2010/04/23 06:05:14 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\Aptana RadRails.lnk
[2010/04/22 19:56:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Vongola\Desktop\Crimson Editor.lnk
[2010/04/19 10:28:57 | 001,242,112 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\supermarket_family_feud.ppt
[2010/04/19 02:46:03 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\RubyPresentation.ppt
[2010/04/17 23:48:59 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 03:23:01 | 000,076,549 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\faimlyfeudlogo.jpg
[2010/04/15 03:01:14 | 000,058,465 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam12.jpg
[2010/04/15 03:01:05 | 000,045,265 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam11.jpg
[2010/04/15 03:00:35 | 000,082,264 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam10.jpg
[2010/04/15 03:00:19 | 000,081,956 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam8.jpg
[2010/04/15 02:59:51 | 000,086,269 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam7.jpg
[2010/04/15 02:59:32 | 000,075,532 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam6.jpg
[2010/04/15 02:59:22 | 000,086,457 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam5.jpg
[2010/04/15 02:59:07 | 000,074,901 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam4.jpg
[2010/04/15 02:58:56 | 000,090,020 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam3.jpg
[2010/04/15 02:58:25 | 000,070,452 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam2.jpg
[2010/04/15 02:58:06 | 000,082,803 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\fam.jpg
[2010/04/10 23:23:35 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\M A R A V I L L A S 2.doc
[2010/04/10 23:23:18 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\M A R A V I L L A S.doc
[2010/04/10 23:01:39 | 000,027,506 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\yoona.jpg
[2010/04/10 23:01:28 | 000,129,747 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\yoonawall.jpg
[2010/04/10 23:00:55 | 000,072,564 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\3214681115_8bd06a4c27.jpg
[2010/04/10 20:23:32 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\MARKRESRates.doc
[2010/04/09 05:00:28 | 000,239,711 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Luctu_Yoona.jpg
[2010/04/09 04:53:01 | 000,005,730 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\hyunah.jpg
[2010/04/09 04:51:36 | 000,108,024 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\4minute_hyunah_20090514.jpg.gif
[2010/04/09 01:05:29 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\TWsample proj.doc
[2010/04/08 23:58:28 | 000,087,943 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\g.jpg
[2010/04/08 23:58:22 | 000,081,770 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\f.jpg
[2010/04/08 23:58:16 | 000,067,429 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\d.jpg
[2010/04/08 23:58:07 | 000,078,265 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\s.jpg
[2010/04/08 23:58:01 | 000,078,997 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\a.jpg
[2010/04/02 23:10:12 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\YSAemploycontrct.doc
[2010/04/02 23:10:04 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Espejoemployment-contract.doc
[2010/04/02 21:55:52 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\YSAdeed-of-sale-motor-vehicle.doc
[2010/04/02 21:52:04 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\ESPEJODEED OF SALE OF MOTOR VEHICLE.doc
[2010/04/02 13:46:56 | 000,015,541 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2010/04/02 13:46:56 | 000,002,536 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2010/03/31 13:33:47 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010/03/31 13:17:00 | 000,426,704 | ---- | M] (True Games Interactive) -- C:\WINDOWS\System32\uc_wepic_launching.dll
[2010/03/24 00:58:36 | 004,236,194 | -H-- | M] () -- C:\Documents and Settings\Vongola\Local Settings\Application Data\IconCache.db
[2010/03/12 00:31:04 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Industry Professor Evaluation System.ppt
[2010/03/10 14:43:41 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Business Plan Presentatio.ppt
[2010/03/10 01:22:06 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\BUSINESS PLAN.doc
[2010/03/06 15:12:15 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Vongola\.appletviewer
[2010/03/01 21:08:20 | 001,205,655 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\BLueJtutorial.pdf
[2010/02/24 21:34:15 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Vongola\My Documents\Cause Marketing.doc
[2010/02/22 21:26:00 | 000,147,456 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\uc_neosteam_launching.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 03:57:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vongola\Local Settings\Application Data\prvlcl.dat
[2010/05/22 03:14:43 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\CCleaner.lnk
[2010/05/21 06:57:45 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/05/21 06:57:45 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/05/21 06:57:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/05/21 06:57:45 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/05/21 06:57:04 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk
[2010/05/21 06:47:49 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/05/21 06:47:39 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/21 06:47:34 | 043,363,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/21 06:47:34 | 000,040,749 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/05/21 06:47:33 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/05/21 06:47:33 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/05/21 04:38:47 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Vongola\resetlog.txt
[2010/05/21 02:24:31 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/21 01:20:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\HijackThis.lnk
[2010/05/18 07:39:48 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\Vongola\ntuser.dat
[2010/05/18 02:07:29 | 003,686,818 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\tae.wav
[2010/05/17 01:13:55 | 000,129,463 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\airliner07_1269088643_72988_me2photo.jpg
[2010/05/14 08:42:07 | 000,035,392 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\13318_412468234663_115619474663_5337943_6323439_n.jpg
[2010/05/14 08:40:43 | 000,018,350 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\13318_412468134663_115619474663_5337928_6264981_n.jpg
[2010/05/11 05:39:20 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\FlashGet.lnk
[2010/05/08 08:22:29 | 000,046,586 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\s2.jpg
[2010/05/06 00:08:54 | 000,073,900 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\aa.jpg
[2010/05/05 23:35:02 | 000,079,239 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a15.jpg
[2010/05/05 23:34:56 | 000,068,807 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a14.jpg
[2010/05/05 23:34:50 | 000,062,750 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a13.jpg
[2010/05/05 23:34:43 | 000,079,411 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a`11.jpg
[2010/05/05 23:34:36 | 000,071,568 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a12.jpg
[2010/05/05 23:34:29 | 000,078,186 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a9.jpg
[2010/05/05 23:34:15 | 000,052,289 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a8.jpg
[2010/05/05 23:33:59 | 000,096,712 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a7.jpg
[2010/05/05 23:33:50 | 000,081,731 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a6.jpg
[2010/05/05 23:33:36 | 000,093,308 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a5.jpg
[2010/05/05 23:33:29 | 000,076,909 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a4.jpg
[2010/05/05 23:33:22 | 000,109,401 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a3.jpg
[2010/05/05 23:33:11 | 000,092,251 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a2.jpg
[2010/05/05 23:33:00 | 000,076,808 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a1'.jpg
[2010/05/05 23:12:08 | 000,462,906 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\2x2 ysa.bmp
[2010/05/05 23:11:48 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\2MA Perez,Alleysa B.-1.doc
[2010/05/05 22:55:53 | 000,050,106 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say9.jpg
[2010/05/05 22:55:44 | 000,050,355 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say8.jpg
[2010/05/05 22:55:32 | 000,043,521 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say7.jpg
[2010/05/05 22:55:22 | 000,046,288 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say6.jpg
[2010/05/05 22:54:49 | 000,028,072 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say5.jpg
[2010/05/05 22:51:05 | 000,035,998 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say4.jpg
[2010/05/05 22:45:31 | 000,036,455 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say3.jpg
[2010/05/05 22:45:08 | 000,040,537 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say2.jpg
[2010/05/05 22:44:50 | 000,036,333 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\say.jpg
[2010/05/03 05:31:06 | 001,122,512 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\finish.7z
[2010/05/02 08:42:13 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/01 23:22:42 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\Google Chrome.lnk
[2010/05/01 23:20:20 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-725345543-1004UA.job
[2010/05/01 23:20:19 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1965331169-725345543-1004Core.job
[2010/04/30 20:16:57 | 000,034,047 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\n1493005977_30032555_3344.jpg
[2010/04/30 11:47:33 | 000,493,649 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\025377.jpg
[2010/04/30 11:46:16 | 000,231,776 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Yoona_with_newChocolate_by_browneyedfairy23.jpg
[2010/04/30 11:45:53 | 000,766,802 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Yoona_wallpaper_01_by_Clamy_san.jpg
[2010/04/30 07:45:23 | 000,111,258 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\girls-generation-chocolate-phone-yoona.jpg
[2010/04/24 22:53:56 | 000,261,582 | ---- | C] () -- C:\Documents and Settings\Vongola\.fastri-index
[2010/04/23 09:20:22 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\XAMPP Control Panel.lnk
[2010/04/23 06:05:14 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\Aptana RadRails.lnk
[2010/04/22 19:56:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Vongola\Desktop\Crimson Editor.lnk
[2010/04/19 10:27:32 | 001,242,112 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\supermarket_family_feud.ppt
[2010/04/19 02:02:03 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\RubyPresentation.ppt
[2010/04/15 03:23:00 | 000,076,549 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\faimlyfeudlogo.jpg
[2010/04/15 03:01:13 | 000,058,465 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam12.jpg
[2010/04/15 03:01:05 | 000,045,265 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam11.jpg
[2010/04/15 03:00:35 | 000,082,264 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam10.jpg
[2010/04/15 03:00:19 | 000,081,956 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam8.jpg
[2010/04/15 02:59:50 | 000,086,269 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam7.jpg
[2010/04/15 02:59:32 | 000,075,532 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam6.jpg
[2010/04/15 02:59:22 | 000,086,457 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam5.jpg
[2010/04/15 02:59:07 | 000,074,901 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam4.jpg
[2010/04/15 02:58:56 | 000,090,020 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam3.jpg
[2010/04/15 02:58:25 | 000,070,452 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam2.jpg
[2010/04/15 02:58:05 | 000,082,803 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\fam.jpg
[2010/04/10 23:23:35 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\M A R A V I L L A S 2.doc
[2010/04/10 23:18:46 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\M A R A V I L L A S.doc
[2010/04/10 23:01:38 | 000,027,506 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\yoona.jpg
[2010/04/10 23:01:27 | 000,129,747 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\yoonawall.jpg
[2010/04/10 23:00:54 | 000,072,564 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\3214681115_8bd06a4c27.jpg
[2010/04/10 20:23:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\MARKRESRates.doc
[2010/04/09 05:00:27 | 000,239,711 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Luctu_Yoona.jpg
[2010/04/09 04:53:01 | 000,005,730 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\hyunah.jpg
[2010/04/09 04:51:35 | 000,108,024 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\4minute_hyunah_20090514.jpg.gif
[2010/04/09 01:05:29 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\TWsample proj.doc
[2010/04/08 23:58:28 | 000,087,943 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\g.jpg
[2010/04/08 23:58:22 | 000,081,770 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\f.jpg
[2010/04/08 23:58:16 | 000,067,429 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\d.jpg
[2010/04/08 23:58:06 | 000,078,265 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\s.jpg
[2010/04/08 23:58:00 | 000,078,997 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\a.jpg
[2010/04/02 23:10:12 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\YSAemploycontrct.doc
[2010/04/02 23:10:04 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Espejoemployment-contract.doc
[2010/04/02 21:52:04 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\ESPEJODEED OF SALE OF MOTOR VEHICLE.doc
[2010/04/02 21:25:19 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\YSAdeed-of-sale-motor-vehicle.doc
[2010/04/01 01:29:42 | 000,012,242 | ---- | C] () -- C:\Documents and Settings\Vongola\hs_err_pid1628.log
[2010/03/11 23:12:24 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Industry Professor Evaluation System.ppt
[2010/03/10 14:43:41 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Business Plan Presentatio.ppt
[2010/03/10 01:22:05 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\BUSINESS PLAN.doc
[2010/03/06 15:12:15 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Vongola\.appletviewer
[2010/03/01 21:08:20 | 001,205,655 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\BLueJtutorial.pdf
[2010/02/24 21:34:15 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Vongola\My Documents\Cause Marketing.doc
[2010/02/03 23:34:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini
[2010/01/03 13:19:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/31 23:57:49 | 000,000,547 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/12/03 20:45:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/21 06:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/13 19:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/01/13 19:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/05/20 14:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/05/20 14:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/21 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/05/20 14:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/13 19:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\BitDefender
[2010/04/02 01:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\BITS
[2010/02/06 01:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\DragonicaSCB
[2010/04/02 11:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\FlashGet
[2010/04/02 11:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\FlashGetBHO
[2010/04/02 13:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\FlashgetSetup
[2010/02/14 21:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\ijjigame
[2010/01/13 19:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\QuickScan
[2010/05/21 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\Simply Super Software
[2010/05/21 07:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vongola\Application Data\URSoft

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/02 23:33:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/13 19:16:19 | 000,008,756 | ---- | M] () -- C:\bdlog.txt
[2009/12/17 19:05:07 | 010,094,608 | ---- | M] () -- C:\BdUninstallTool2009.12.17-06.01.20.log
[2009/12/17 19:05:07 | 000,000,633 | ---- | M] () -- C:\BdUninstallTool2009.12.17-06.01.20.reg
[2010/05/22 03:57:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/02 23:33:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/14 21:36:22 | 000,001,136 | ---- | M] () -- C:\ijjiFFPlugin.log
[2009/12/02 23:33:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/02 23:33:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/22 03:37:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/12/02 13:24:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/02 13:24:15 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/02 13:24:15 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/21 06:47:49 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\system32\drivers\AVGIDSxx.sys
[2010/05/21 06:47:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/05/21 06:47:39 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/05/21 06:47:48 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010/05/21 06:47:48 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >
=========================================================================

OTL Extras:

OTL Extras logfile created on: 5/22/2010 4:32:06 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vongola\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 23.52 Gb Free Space | 60.20% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 26.67 Gb Free Space | 54.63% Space Free | Partition Type: NTFS
Drive E: | 48.83 Gb Total Space | 47.61 Gb Free Space | 97.51% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 38.57 Gb Free Space | 98.73% Space Free | Partition Type: NTFS
Drive G: | 57.10 Gb Total Space | 46.94 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 71.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HAPPY-5479203B2
Current User Name: Vongola
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Program Files\Aptana\Aptana RadRails\AptanaRadRails.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Aptana\Aptana RadRails\AptanaRadRails.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Level Up Games\K.O.S. Secret Operations\game_sting_pak\sting.exe" = D:\Level Up Games\K.O.S. Secret Operations\game_sting_pak\sting.exe:*:Enabled:스팅라인 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\FlashGet\flashget.exe" = E:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet -- (FlashGet.com)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Level Up Games\K.O.S. Secret Operations\game_sting_pak\sting.exe" = D:\Level Up Games\K.O.S. Secret Operations\game_sting_pak\sting.exe:*:Enabled:스팅라인 -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0D6A2A41-8A43-4583-BE32-9DADB3C4C54B}_is1" = Closed Beta
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 20
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{CE65B110-8786-47EA-A4A0-05742F29C221}_is1" = Ruby 1.8.7-p249
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"Aptana RadRails" = Aptana RadRails
"AstrumNival Allods" = Allods Online 1.0.05.41
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"Crimson Editor" = Crimson Editor (remove only)
"FlashGet" = FlashGet 1.9.6.1073
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ruby-186-27" = Ruby-186-27
"Tales of Fantasy_is1" = Tales of Fantasy
"Trojan Remover_is1" = Trojan Remover 6.8.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zeus" = Zeus

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2010 9:58:43 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 9:58:58 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 9:59:14 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 9:59:15 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 10:06:27 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/21/2010 10:07:12 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 10:33:01 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 5/21/2010 10:33:03 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/21/2010 10:34:01 AM | Computer Name = HAPPY-5479203B2 | Source = Application Error | ID = 1000
Description = Faulting application avgwdsvc.exe, version 9.0.0.663, faulting module
winspamcatcher.dll, version 6.0.0.5, fault address 0x0002aec8.

Error - 5/22/2010 5:34:26 AM | Computer Name = HAPPY-5479203B2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 5/20/2010 6:50:22 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0019DB4C6717.

Error - 5/20/2010 7:09:22 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1002
Description = The IP address lease 202.8.236.26 for the Network Card with network
address 0019DB4C6717 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 7:09:48 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0019DB4C6717.

Error - 5/20/2010 7:57:24 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1002
Description = The IP address lease 202.8.236.26 for the Network Card with network
address 0019DB4C6717 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 7:57:51 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0019DB4C6717.

Error - 5/20/2010 8:32:55 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1002
Description = The IP address lease 202.8.236.26 for the Network Card with network
address 0019DB4C6717 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 8:33:17 PM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0019DB4C6717.

Error - 5/21/2010 2:30:24 AM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1002
Description = The IP address lease 202.8.236.26 for the Network Card with network
address 0019DB4C6717 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/21/2010 2:30:52 AM | Computer Name = HAPPY-5479203B2 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 0019DB4C6717.

Error - 5/21/2010 10:34:15 AM | Computer Name = HAPPY-5479203B2 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.


< End of report >
==========================================================

and the GMER log just now also:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 04:27:40
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Vongola\LOCALS~1\Temp\kgxcikoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xB83A1470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xB83A1520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xB83A15C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xB83A1660]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7308380, 0x5414D5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[140] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Vongola\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2660] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 199

---- EOF - GMER 1.0.15 ----
=======================================================

thanks again guys..