My Google has been HIJACKED [Closed]


  • This topic is locked

#1
Francwaa

  • Member
  • 13 posts
I have never had any issues prior to a few weeks ago. I'm not completely sure what I downloaded, but whenever I use Google as a search engine I'm redirected to ads like vehix, bt cars, and Norton, just to name a few. I'm completely frustrated at this point and I am certainly at my wits' end. A little more background: I currently run Vista and have AVG vers. 9.0.837 running. I also do a biweekly check using Malwarebytes and AdvanceSystemCare. None of these are working at this point, so if anyone can help I'm all eyes and ears. :)


#2
Aaron

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go :) !
My name is Maser00 and I will be helping you with your problem(s).

Before we start I need to tell you a few things:
  • I am still in training here at GeekU, therefore my instructions will be checked by someone of the malware staff first. It could take a little bit more time than usual because of this.
  • Please post all the requested logs directly in your reply, do not attach them unless asked to do so.
  • Read all my instructions at least once before you carry them out.
  • Stay active in this topic! Because your computer is running better does not mean there is no malware left, I will tell you when we are done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't ask for.

And you can always ask me to explain something better when something isn't clear. :)
I am making my instructions for you right now and I will post them immediately when they are checked.

Please follow these steps:

Step 1

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.

Step 2

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

Please post the logs of OTL and GMER in your next reply. If you are unable to post the logs then you can attach them :)

- Maser00

#3
Francwaa

  • Topic Starter
  • Member
  • 13 posts
OTL.txt:
OTL logfile created on: 6/22/2010 1:39:32 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Yesm125\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.10 Gb Total Space | 30.88 Gb Free Space | 30.24% Space Free | Partition Type: NTFS
Drive D: | 9.69 Gb Total Space | 4.45 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YESM125-PC
Current User Name: Yesm125
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/22 13:29:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Yesm125\Downloads\OTL.exe
PRC - [2010/06/22 08:20:09 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 08:20:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 08:20:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 08:19:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 08:19:52 | 000,731,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcfgex.exe
PRC - [2010/06/22 08:19:45 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 08:19:43 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 08:19:39 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 08:19:35 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 08:19:35 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 08:19:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 08:19:31 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/16 18:00:52 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxserv.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/25 12:55:49 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/03/20 02:25:43 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/03/20 02:25:42 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2007/01/29 18:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) -- C:\Program Files\ewido anti-malware\ewidoctrl.exe


========== Modules (SafeList) ==========

MOD - [2010/06/22 13:29:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Yesm125\Downloads\OTL.exe
MOD - [2010/06/22 08:20:02 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - [2010/06/22 08:19:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 08:19:43 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/22 08:19:39 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 08:19:35 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/03 20:26:10 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/16 18:00:52 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 18:59:36 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/29 18:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/30 05:47:52 | 000,013,888 | ---- | M] (ewido networks) [Auto | Running] -- C:\Program Files\ewido anti-malware\ewidoctrl.exe -- (ewido security suite control)


========== Driver Services (SafeList) ==========

DRV - [2010/06/22 08:20:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 08:19:51 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/06/22 08:19:51 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/06/22 08:19:51 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/06/22 08:19:51 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/06/22 08:19:35 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/18 18:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/18 14:41:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/06/18 14:39:11 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/01 15:00:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/03/23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2010/03/11 05:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 18:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/01/02 04:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/28 03:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/09/29 05:29:42 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/09/15 12:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/18 18:25:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/18 14:42:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/01 12:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/01 12:55:33 | 000,000,000 | ---D | M]

[2010/03/05 20:35:55 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Extensions
[2010/06/21 20:20:02 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions
[2010/03/17 13:03:56 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/04/27 13:13:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 13:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/05/27 09:14:38 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010/03/17 13:03:55 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/05/06 08:49:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/20 09:10:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/20 09:10:06 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/17 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/16 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\SkipScreen@SkipScreen
[2010/06/12 08:56:23 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/17 10:11:01 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/06/14 09:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/15 10:08:15 | 000,404,392 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13984 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\bae.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Yesm125\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yesm125\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files\ewido anti-malware\shellhook.dll ()
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e69a84e3-a18d-11de-a59d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e69a84e3-a18d-11de-a59d-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010/04/01 00:23:19 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm ()
Drivers32: msacm.avis - ff_acm.acm ()
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - DivXa32.acm (Packed With Joy !)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.lameacm - LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - divx.dll (DivX, Inc.)
Drivers32: vidc.ffds - ff_vfw.dll ()
Drivers32: vidc.i420 - lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - xvidvfw.dll ()
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - divx.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/22 08:20:02 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/21 22:40:44 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/21 20:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/06/21 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/20 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\gtk-2.0
[2010/06/20 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.thumbnails
[2010/06/20 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.gimp-2.6
[2010/06/20 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\gegl-0.0
[2010/06/20 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/06/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/06/20 16:51:53 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Paint.NET
[2010/06/18 23:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2010/06/18 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\ewido anti-malware
[2010/06/18 19:50:33 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\AVG9
[2010/06/18 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\AVG Security Toolbar
[2010/06/18 14:43:03 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/18 14:43:01 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/18 14:42:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/06/18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/06/18 14:41:08 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/18 14:41:07 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/18 14:41:05 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/18 14:39:10 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/06/18 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/18 14:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/18 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Yahoo!
[2010/06/17 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Outerspace Software
[2010/06/17 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\BluffTitler
[2010/06/17 09:31:35 | 000,000,000 | ---D | C] -- C:\Outerspace Software
[2010/06/15 17:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Simnet
[2010/06/15 09:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/15 09:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/14 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Desktop\SmitfraudFix
[2010/06/14 11:03:09 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/14 11:03:09 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/14 11:03:09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/14 11:03:09 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/14 11:03:07 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/14 11:01:59 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/14 11:01:59 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/14 11:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/14 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/13 17:27:05 | 017,659,198 | ---- | C] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
[2010/06/13 10:55:56 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Tracing
[2010/06/13 10:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/13 10:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/13 10:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/13 10:46:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/13 10:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/13 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/13 10:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/13 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\{d3623ad7-c9f1-419b-bb72-b434aa8d73c5}
[2010/06/11 08:53:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/06 16:17:48 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\{239ce63c-7c7d-46c4-8aa6-a2e40009a3ea}
[2010/06/06 15:11:11 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Faces
[2010/06/05 11:00:05 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\CyberLink
[2010/06/05 11:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/06/03 12:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Brain Bullet!
[2010/06/03 12:09:24 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\IN-MEDIAKG
[2010/06/03 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\FotoWorksXL
[2010/06/03 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg
[2010/06/02 17:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Recovery Magic
[2010/06/01 23:18:01 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/06/01 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Home Photo Studio
[2010/06/01 12:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/01 12:52:50 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/06/01 12:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/05/30 13:26:38 | 000,000,000 | R--D | C] -- C:\Program Files\TypingMaster
[2010/05/28 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\GlarySoft
[2010/05/28 08:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/05/27 09:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2010/05/27 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jam DVD Copy
[2010/05/27 09:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Jam DVD Copy
[2010/05/27 09:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar
[2010/05/27 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/05/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\SecurityScans
[2010/05/27 08:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/05/25 03:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/24 11:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/24 11:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/24 11:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 14:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/19 14:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/19 14:44:48 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/19 14:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/18 17:38:47 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Malwarebytes
[2010/05/18 17:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/18 17:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/18 17:38:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/18 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 20:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/22 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\IObit
[2010/04/22 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/21 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2010/04/20 10:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/04/20 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2010/04/12 17:39:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\custom matrices
[2010/04/12 17:39:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/04/12 09:59:44 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/04/12 09:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/04/10 22:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2010/04/10 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/10 17:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/10 16:20:36 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\IsolatedStorage
[2010/04/07 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Real
[2010/04/07 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Real
[2010/04/07 17:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/04/07 17:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonne DVD Burner
[2010/04/07 17:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sonne DVD Burner
[2010/04/04 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\TeamViewer
[2010/04/04 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/01 00:15:24 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/03/29 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\SPSSInc
[2010/03/29 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\The Struggles
[2010/03/28 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\SafeNet Sentinel
[2010/03/28 20:53:49 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.spss
[2010/03/28 13:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2010/03/28 13:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS
[2010/03/28 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
[2010/03/28 13:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\SPSSInc
[2010/03/27 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2009/10/16 15:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll
[2009/03/01 21:23:42 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2009/03/01 21:23:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2009/03/01 21:23:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2009/03/01 21:23:41 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2009/03/01 21:23:41 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2009/03/01 21:23:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2009/03/01 21:23:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2009/03/01 21:23:39 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2009/03/01 21:23:38 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2009/03/01 21:23:35 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2009/03/01 21:23:35 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2006/12/20 23:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2006/12/20 23:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2006/12/20 23:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2006/12/20 22:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2006/12/20 22:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2006/12/20 22:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2006/12/20 22:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2006/12/20 22:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2006/12/20 22:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2006/12/20 22:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2006/12/20 22:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Users\Yesm125\Documents\*.tmp files -> C:\Users\Yesm125\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yesm125\*.tmp files -> C:\Users\Yesm125\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/22 13:49:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/22 13:48:58 | 009,437,184 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat
[2010/06/22 12:58:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/22 12:58:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/22 09:05:01 | 000,755,222 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/22 09:05:01 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/22 09:05:01 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/22 08:59:55 | 000,042,621 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\nvModes.dat
[2010/06/22 08:59:55 | 000,042,621 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\nvModes.001
[2010/06/22 08:58:56 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/06/22 08:58:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\Pbfulvngqd.job
[2010/06/22 08:58:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/22 08:57:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/22 08:57:47 | 1005,240,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/22 08:55:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/22 08:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat{2e08add6-87af-11de-95e3-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/06/22 08:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat{2e08add6-87af-11de-95e3-00038a000015}.TM.blf
[2010/06/22 08:55:07 | 002,258,065 | -H-- | M] () -- C:\Users\Yesm125\AppData\Local\IconCache.db
[2010/06/22 08:20:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/22 08:20:02 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/22 08:19:51 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/22 08:19:35 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/22 08:16:41 | 061,301,072 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/21 22:41:41 | 000,003,460 | ---- | M] () -- C:\Windows\System32\log.xml
[2010/06/21 22:40:44 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/21 20:25:24 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/21 20:25:02 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/06/20 23:26:19 | 000,058,368 | ---- | M] () -- C:\Users\Yesm125\Desktop\APP2ymelo.doc
[2010/06/20 23:26:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Desktop\~$P2ymelo.doc
[2010/06/20 17:55:15 | 000,000,841 | ---- | M] () -- C:\Users\Yesm125\.recently-used.xbel
[2010/06/20 17:18:12 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/20 16:55:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/06/18 22:50:57 | 000,000,357 | ---- | M] () -- C:\Users\Yesm125\Desktop\Downloads - Shortcut.lnk
[2010/06/18 22:50:03 | 000,000,357 | ---- | M] () -- C:\Users\Yesm125\Downloads - Shortcut.lnk
[2010/06/18 20:21:22 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\ewido anti-malware.lnk
[2010/06/18 18:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/18 14:43:22 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/06/18 14:43:01 | 000,597,578 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/18 14:42:59 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/18 14:41:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/18 14:39:11 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/06/17 10:10:01 | 000,091,136 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/17 09:31:47 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\BluffTitler.lnk
[2010/06/16 13:35:08 | 000,111,490 | ---- | M] () -- C:\Users\Yesm125\Documents\NoHassleAutoSale ad.docx
[2010/06/15 17:05:18 | 000,000,961 | ---- | M] () -- C:\Users\Yesm125\Desktop\Simple Sticky Notes.lnk
[2010/06/15 10:11:06 | 000,001,109 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/15 10:11:06 | 000,001,085 | ---- | M] () -- C:\Users\Yesm125\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 10:08:15 | 000,404,392 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/14 22:53:30 | 000,000,691 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\GetValue.vbs
[2010/06/14 22:53:30 | 000,000,035 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\SetValue.bat
[2010/06/14 22:53:29 | 000,004,238 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/06/14 22:53:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100615-100815.backup
[2010/06/14 11:03:09 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/14 11:03:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/13 19:40:56 | 000,085,504 | RHS- | M] () -- C:\Windows\System32\normnfci.dll
[2010/06/13 17:35:42 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2010/06/13 17:29:23 | 017,659,198 | ---- | M] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
[2010/06/13 17:06:13 | 001,720,086 | ---- | M] () -- C:\Windows\System32\TmpA21970151
[2010/06/11 12:53:23 | 000,240,992 | ---- | M] () -- C:\Users\Yesm125\Documents\VIRUS REMOVAL ad.docx
[2010/06/11 03:47:51 | 000,303,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 22:28:23 | 000,030,222 | ---- | M] () -- C:\Users\Yesm125\Documents\lifespan week one discussion.docx
[2010/06/05 10:59:39 | 000,000,289 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\burnaware.ini
[2010/06/05 08:41:13 | 000,015,296 | ---- | M] () -- C:\Users\Yesm125\Documents\Go to Google sEARCH qUERIES.docx
[2010/06/03 13:24:34 | 180,486,144 | ---- | M] () -- C:\Users\Yesm125\Documents\Resume Maker.iso
[2010/06/03 12:40:15 | 000,001,679 | ---- | M] () -- C:\Users\Yesm125\Desktop\Brain Bullet!.lnk
[2010/06/03 12:09:29 | 000,000,840 | ---- | M] () -- C:\Users\Yesm125\Desktop\FotoWorksXL.lnk
[2010/06/02 17:13:01 | 000,000,857 | ---- | M] () -- C:\Users\Yesm125\Desktop\RAR Password Recovery Magic.lnk
[2010/06/02 00:09:18 | 000,029,959 | ---- | M] () -- C:\Users\Yesm125\Documents\Tuneup Vista with these Windows Vista Performance Tweaks.docx
[2010/06/01 17:33:20 | 000,073,552 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/01 13:18:39 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2010/06/01 13:08:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/01 13:08:04 | 000,000,088 | RHS- | M] () -- C:\ProgramData\3C91D16FB8.sys
[2010/06/01 01:00:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/31 15:17:42 | 000,021,504 | ---- | M] () -- C:\Users\Yesm125\Documents\STATS WEEK 12.xls
[2010/05/30 13:34:15 | 000,000,024 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\MyPhrases.dta
[2010/05/30 13:27:04 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2010/05/30 13:27:04 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\TypingMaster Pro User Manager.lnk
[2010/05/28 08:50:29 | 000,000,797 | ---- | M] () -- C:\Users\Yesm125\Desktop\Glary Utilities.lnk
[2010/05/27 09:59:40 | 000,000,787 | ---- | M] () -- C:\Users\Yesm125\Desktop\HyperSnap 6.lnk
[2010/05/27 09:32:02 | 000,000,748 | ---- | M] () -- C:\Users\Yesm125\Desktop\Jam DVD Copy.lnk
[2010/05/27 08:26:39 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/25 03:25:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/25 03:25:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/24 00:50:42 | 000,311,296 | ---- | M] () -- C:\Users\Yesm125\Documents\FINAL PROJECT STATITTCIS.doc
[2010/05/23 20:29:57 | 000,026,329 | ---- | M] () -- C:\Users\Yesm125\Documents\Chapter 12 week 9.docx
[2010/05/23 20:24:00 | 000,033,969 | ---- | M] () -- C:\Users\Yesm125\Desktop\FREQUENCY DISTRIBUTION.spv
[2010/05/23 19:10:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$apter 12 week 9.docx
[2010/05/22 18:05:05 | 000,037,030 | ---- | M] () -- C:\Users\Yesm125\Desktop\ANOVA.spv
[2010/05/22 17:42:14 | 000,012,777 | ---- | M] () -- C:\Users\Yesm125\Desktop\T TEST STATS.spv
[2010/05/22 17:30:01 | 000,012,657 | ---- | M] () -- C:\Users\Yesm125\Documents\STATISTICS TEST RUNNING.docx
[2010/05/22 17:30:01 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$ATISTICS TEST RUNNING.docx
[2010/05/19 22:49:00 | 000,005,989 | ---- | M] () -- C:\Users\Yesm125\Documents\howell data set into spss.sav
[2010/05/19 22:41:07 | 000,005,989 | ---- | M] () -- C:\Users\Yesm125\Documents\howell data set.sav
[2010/05/19 19:24:35 | 000,023,535 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs for sale.docx
[2010/05/19 14:44:58 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/18 17:38:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 01:20:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/11 18:16:19 | 000,020,518 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Fanfare for the Common man.docx
[2010/05/10 21:38:47 | 000,022,602 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Animals without oxygen.docx
[2010/05/10 13:11:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/04 09:30:02 | 000,199,513 | ---- | M] () -- C:\Users\Yesm125\Documents\FPC Resume.pdf
[2010/05/04 09:29:42 | 000,042,714 | ---- | M] () -- C:\Users\Yesm125\Documents\FPC Resume.docx
[2010/05/04 09:29:42 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$C Resume.docx
[2010/05/03 10:25:32 | 000,671,874 | ---- | M] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.pdf
[2010/05/03 10:23:56 | 000,610,156 | ---- | M] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.docx
[2010/04/30 20:04:23 | 127,375,890 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 13:59:59 | 000,000,134 | ---- | M] () -- C:\Users\Yesm125\Desktop\Windows Mobility Center - Shortcut.lnk
[2010/04/29 13:52:20 | 000,000,208 | ---- | M] () -- C:\Users\Yesm125\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2010/04/27 18:25:13 | 000,542,856 | ---- | M] () -- C:\Users\Yesm125\Documents\2009 Melo Y Form 1040 Individual Tax Return.tax2009
[2010/04/22 17:00:05 | 000,001,038 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/04/22 17:00:04 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/21 17:42:31 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010/04/20 10:06:16 | 000,000,178 | ---- | M] () -- C:\Users\Yesm125\Desktop\Buy RAR Password Recovery Now!.url
[2010/04/20 08:58:25 | 000,000,680 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\d3d9caps.dat
[2010/04/18 20:01:35 | 000,042,496 | ---- | M] () -- C:\Users\Yesm125\Documents\week 6 questions..doc
[2010/04/16 16:03:56 | 000,000,480 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp1
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp4
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp3
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp2
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp0
[2010/04/13 11:52:05 | 000,163,154 | ---- | M] () -- C:\Users\Yesm125\Documents\Tax Update Y_MELO.pdf
[2010/04/12 10:17:30 | 000,000,086 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/11 07:45:47 | 004,171,697 | ---- | M] () -- C:\Users\Yesm125\Documents\Untitled.wma
[2010/04/11 07:45:43 | 000,032,103 | -H-- | M] () -- C:\Users\Yesm125\Documents\Folder.jpg
[2010/04/11 07:45:43 | 000,032,103 | -H-- | M] () -- C:\Users\Yesm125\Documents\AlbumArt_{65DCB901-EEBE-4324-9E71-F16F0BC663FA}_Large.jpg
[2010/04/11 02:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/04/11 02:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_winusb_01009.Wdf
[2010/04/11 02:27:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/10 22:11:19 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/04/10 16:46:06 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/09 22:57:16 | 000,000,943 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/08 23:35:39 | 000,160,998 | ---- | M] () -- C:\Users\Yesm125\Documents\Myron Confirmation.pdf
[2010/04/08 14:58:19 | 001,141,760 | ---- | M] () -- C:\Users\Yesm125\Documents\Network.doc
[2010/04/08 14:58:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$etwork.doc
[2010/04/08 14:30:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/07 17:07:35 | 000,000,761 | ---- | M] () -- C:\Users\Yesm125\Desktop\Sonne DVD Burner.lnk
[2010/04/05 18:28:34 | 000,188,416 | ---- | M] () -- C:\Users\Yesm125\Documents\Candidate_Info_Sheet_Charlot.doc
[2010/04/05 18:27:05 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$ndidate_Info_Sheet_Charlot.doc
[2010/04/04 19:31:32 | 000,047,616 | ---- | M] () -- C:\Users\Yesm125\Documents\app4ymelo.......doc
[2010/04/04 19:31:32 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$p4ymelo.......doc
[2010/04/04 16:07:21 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/02 16:14:23 | 000,040,324 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/01 12:03:55 | 000,000,572 | ---- | M] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut.lnk
[2010/04/01 12:03:55 | 000,000,572 | ---- | M] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut - Copy.lnk
[2010/04/01 00:59:36 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/03/31 20:36:23 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/03/31 20:35:31 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/03/29 22:49:30 | 000,043,520 | ---- | M] () -- C:\Users\Yesm125\Documents\app3YMELO.doc
[2010/03/29 22:09:21 | 000,018,544 | ---- | M] () -- C:\Users\Yesm125\Documents\STATS 3.27.10.docx
[2010/03/28 13:47:28 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2010/03/28 13:47:25 | 000,001,024 | ---- | M] () -- C:\Windows\System32\grcauth2.dll
[2010/03/28 13:47:24 | 000,001,024 | ---- | M] () -- C:\Windows\System32\grcauth1.dll
[2010/03/28 13:47:24 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2010/03/28 12:57:54 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2010/03/28 12:57:53 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010/03/28 12:57:50 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010/03/28 12:57:39 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010/03/28 12:57:38 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010/03/26 09:47:17 | 000,003,418 | ---- | M] () -- C:\Users\Yesm125\Documents\survey_software_results.html
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Users\Yesm125\Documents\*.tmp files -> C:\Users\Yesm125\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yesm125\*.tmp files -> C:\Users\Yesm125\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/21 22:41:40 | 000,003,460 | ---- | C] () -- C:\Windows\System32\log.xml
[2010/06/21 20:25:24 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/21 20:25:02 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/06/21 20:02:10 | 1005,240,320 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/20 23:26:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Desktop\~$P2ymelo.doc
[2010/06/20 23:26:08 | 000,058,368 | ---- | C] () -- C:\Users\Yesm125\Desktop\APP2ymelo.doc
[2010/06/20 17:55:15 | 000,000,841 | ---- | C] () -- C:\Users\Yesm125\.recently-used.xbel
[2010/06/20 17:18:12 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/20 16:55:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/06/18 22:50:57 | 000,000,357 | ---- | C] () -- C:\Users\Yesm125\Desktop\Downloads - Shortcut.lnk
[2010/06/18 22:50:03 | 000,000,357 | ---- | C] () -- C:\Users\Yesm125\Downloads - Shortcut.lnk
[2010/06/18 20:21:22 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\ewido anti-malware.lnk
[2010/06/18 14:43:22 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/06/18 14:42:59 | 000,597,578 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/18 14:42:59 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/18 14:42:54 | 061,301,072 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/17 09:31:47 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\BluffTitler.lnk
[2010/06/16 13:34:47 | 000,111,490 | ---- | C] () -- C:\Users\Yesm125\Documents\NoHassleAutoSale ad.docx
[2010/06/15 17:05:18 | 000,000,961 | ---- | C] () -- C:\Users\Yesm125\Desktop\Simple Sticky Notes.lnk
[2010/06/15 09:57:03 | 000,001,109 | ---- | C] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/15 09:57:03 | 000,001,085 | ---- | C] () -- C:\Users\Yesm125\Desktop\Spybot - Search & Destroy.lnk
[2010/06/14 22:53:30 | 000,000,691 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\GetValue.vbs
[2010/06/14 22:53:30 | 000,000,035 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\SetValue.bat
[2010/06/14 22:53:29 | 000,004,238 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/06/14 11:03:09 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/13 19:41:09 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\Pbfulvngqd.job
[2010/06/13 19:40:56 | 000,085,504 | RHS- | C] () -- C:\Windows\System32\normnfci.dll
[2010/06/13 17:06:13 | 001,720,086 | ---- | C] () -- C:\Windows\System32\TmpA21970151
[2010/06/13 10:05:10 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/06/13 10:00:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2010/06/11 12:53:16 | 000,240,992 | ---- | C] () -- C:\Users\Yesm125\Documents\VIRUS REMOVAL ad.docx
[2010/06/09 22:28:22 | 000,030,222 | ---- | C] () -- C:\Users\Yesm125\Documents\lifespan week one discussion.docx
[2010/06/05 08:41:10 | 000,015,296 | ---- | C] () -- C:\Users\Yesm125\Documents\Go to Google sEARCH qUERIES.docx
[2010/06/03 13:17:30 | 180,486,144 | ---- | C] () -- C:\Users\Yesm125\Documents\Resume Maker.iso
[2010/06/03 12:40:15 | 000,001,679 | ---- | C] () -- C:\Users\Yesm125\Desktop\Brain Bullet!.lnk
[2010/06/03 12:09:29 | 000,000,840 | ---- | C] () -- C:\Users\Yesm125\Desktop\FotoWorksXL.lnk
[2010/06/02 17:13:01 | 000,000,857 | ---- | C] () -- C:\Users\Yesm125\Desktop\RAR Password Recovery Magic.lnk
[2010/06/02 00:08:48 | 000,029,959 | ---- | C] () -- C:\Users\Yesm125\Documents\Tuneup Vista with these Windows Vista Performance Tweaks.docx
[2010/06/01 13:18:39 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2010/06/01 12:57:57 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3C91D16FB8.sys
[2010/06/01 12:57:56 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/31 19:17:45 | 000,000,572 | ---- | C] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut - Copy.lnk
[2010/05/31 15:17:41 | 000,021,504 | ---- | C] () -- C:\Users\Yesm125\Documents\STATS WEEK 12.xls
[2010/05/30 13:34:15 | 000,000,024 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\MyPhrases.dta
[2010/05/30 13:27:04 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2010/05/30 13:27:04 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\TypingMaster Pro User Manager.lnk
[2010/05/28 08:50:45 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/05/28 08:50:29 | 000,000,797 | ---- | C] () -- C:\Users\Yesm125\Desktop\Glary Utilities.lnk
[2010/05/27 09:59:40 | 000,000,787 | ---- | C] () -- C:\Users\Yesm125\Desktop\HyperSnap 6.lnk
[2010/05/27 09:32:02 | 000,000,748 | ---- | C] () -- C:\Users\Yesm125\Desktop\Jam DVD Copy.lnk
[2010/05/27 08:26:39 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/25 03:25:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/25 03:25:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/24 00:50:38 | 000,311,296 | ---- | C] () -- C:\Users\Yesm125\Documents\FINAL PROJECT STATITTCIS.doc
[2010/05/23 20:18:56 | 000,033,969 | ---- | C] () -- C:\Users\Yesm125\Desktop\FREQUENCY DISTRIBUTION.spv
[2010/05/23 19:10:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$apter 12 week 9.docx
[2010/05/22 18:05:05 | 000,037,030 | ---- | C] () -- C:\Users\Yesm125\Desktop\ANOVA.spv
[2010/05/22 17:42:14 | 000,012,777 | ---- | C] () -- C:\Users\Yesm125\Desktop\T TEST STATS.spv
[2010/05/22 17:30:01 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$ATISTICS TEST RUNNING.docx
[2010/05/22 17:30:00 | 000,012,657 | ---- | C] () -- C:\Users\Yesm125\Documents\STATISTICS TEST RUNNING.docx
[2010/05/20 21:29:41 | 000,026,329 | ---- | C] () -- C:\Users\Yesm125\Documents\Chapter 12 week 9.docx
[2010/05/19 22:49:00 | 000,005,989 | ---- | C] () -- C:\Users\Yesm125\Documents\howell data set into spss.sav
[2010/05/19 22:41:06 | 000,005,989 | ---- | C] () -- C:\Users\Yesm125\Documents\howell data set.sav
[2010/05/19 19:24:32 | 000,023,535 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs for sale.docx
[2010/05/19 14:44:57 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/18 17:38:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 08:36:39 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/05/11 18:16:18 | 000,020,518 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Fanfare for the Common man.docx
[2010/05/10 21:36:32 | 000,022,602 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Animals without oxygen.docx
[2010/05/10 13:11:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/05/04 12:36:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/05/04 09:29:57 | 000,199,513 | ---- | C] () -- C:\Users\Yesm125\Documents\FPC Resume.pdf
[2010/05/04 09:29:42 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$C Resume.docx
[2010/05/04 09:29:37 | 000,042,714 | ---- | C] () -- C:\Users\Yesm125\Documents\FPC Resume.docx
[2010/05/03 10:25:26 | 000,671,874 | ---- | C] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.pdf
[2010/05/03 10:23:46 | 000,610,156 | ---- | C] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.docx
[2010/04/29 13:59:59 | 000,000,134 | ---- | C] () -- C:\Users\Yesm125\Desktop\Windows Mobility Center - Shortcut.lnk
[2010/04/29 13:52:20 | 000,000,208 | ---- | C] () -- C:\Users\Yesm125\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2010/04/22 17:00:05 | 000,001,038 | ---- | C] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/04/22 17:00:04 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/21 18:26:07 | 000,000,289 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\burnaware.ini
[2010/04/21 17:42:31 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010/04/20 10:50:00 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
[2010/04/20 10:06:16 | 000,000,178 | ---- | C] () -- C:\Users\Yesm125\Desktop\Buy RAR Password Recovery Now!.url
[2010/04/18 20:01:31 | 000,042,496 | ---- | C] () -- C:\Users\Yesm125\Documents\week 6 questions..doc
[2010/04/16 16:03:54 | 000,000,480 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp1
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp4
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp3
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp2
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp0
[2010/04/13 11:51:55 | 000,163,154 | ---- | C] () -- C:\Users\Yesm125\Documents\Tax Update Y_MELO.pdf
[2010/04/12 11:48:34 | 000,032,103 | -H-- | C] () -- C:\Users\Yesm125\Documents\Folder.jpg
[2010/04/12 11:48:34 | 000,032,103 | -H-- | C] () -- C:\Users\Yesm125\Documents\AlbumArt_{65DCB901-EEBE-4324-9E71-F16F0BC663FA}_Large.jpg
[2010/04/12 10:17:29 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/11 02:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/04/11 02:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_winusb_01009.Wdf
[2010/04/11 02:27:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/10 22:11:19 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/04/10 21:33:32 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/04/10 20:56:27 | 000,542,856 | ---- | C] () -- C:\Users\Yesm125\Documents\2009 Melo Y Form 1040 Individual Tax Return.tax2009
[2010/04/10 16:46:06 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/09 22:42:20 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/08 23:33:00 | 000,160,998 | ---- | C] () -- C:\Users\Yesm125\Documents\Myron Confirmation.pdf
[2010/04/08 14:58:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$etwork.doc
[2010/04/08 14:57:09 | 001,141,760 | ---- | C] () -- C:\Users\Yesm125\Documents\Network.doc
[2010/04/08 14:30:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/07 17:07:35 | 000,000,761 | ---- | C] () -- C:\Users\Yesm125\Desktop\Sonne DVD Burner.lnk
[2010/04/05 18:27:05 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$ndidate_Info_Sheet_Charlot.doc
[2010/04/05 18:27:02 | 000,188,416 | ---- | C] () -- C:\Users\Yesm125\Documents\Candidate_Info_Sheet_Charlot.doc
[2010/04/04 19:31:32 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$p4ymelo.......doc
[2010/04/04 19:31:30 | 000,047,616 | ---- | C] () -- C:\Users\Yesm125\Documents\app4ymelo.......doc
[2010/04/04 16:07:21 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/02 03:04:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/02 03:04:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/04/01 12:03:55 | 000,000,572 | ---- | C] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut.lnk
[2010/04/01 11:22:26 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/04/01 11:22:21 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/04/01 11:22:00 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/04/01 11:21:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/01 11:21:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/01 11:21:51 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/04/01 11:21:49 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/04/01 11:21:39 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/04/01 11:21:02 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/01 11:20:57 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/04/01 11:18:45 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/04/01 11:18:27 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/03/29 22:49:25 | 000,043,520 | ---- | C] () -- C:\Users\Yesm125\Documents\app3YMELO.doc
[2010/03/28 22:54:28 | 000,018,544 | ---- | C] () -- C:\Users\Yesm125\Documents\STATS 3.27.10.docx
[2010/03/28 13:47:25 | 000,000,114 | ---- | C] () -- C:\Windows\System32\prsgrc.tgz
[2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/03/28 13:47:24 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/03/28 12:57:39 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2010/03/28 12:57:39 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2010/03/28 12:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/03/28 12:57:37 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/28 12:57:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm
[2010/03/26 09:27:25 | 000,003,418 | ---- | C] () -- C:\Users\Yesm125\Documents\survey_software_results.html
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/05 21:42:08 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/03/01 21:34:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2009/03/01 21:30:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2009/03/01 21:30:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2009/03/01 21:30:05 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2009/03/01 21:28:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/03/01 21:28:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/03/01 21:28:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/03/01 21:28:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/03/01 21:24:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2009/03/01 21:23:43 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/02/11 21:45:48 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2007/02/11 21:37:53 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/11 19:01:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/29 20:59:10 | 000,029,919 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/03/27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/01/10 23:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 23:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2002/05/17 18:18:30 | 000,124,928 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

========== LOP Check ==========

[2009/03/01 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Avery
[2010/06/18 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\AVG9
[2010/04/04 17:49:01 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Elluminate
[2010/06/06 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Faces
[2010/05/28 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\GlarySoft
[2010/06/20 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\gtk-2.0
[2010/06/03 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\IN-MEDIAKG
[2010/05/13 08:54:14 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\IObit
[2009/06/05 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Leadertech
[2009/04/12 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Lexmark Productivity Studio
[2010/06/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Outerspace Software
[2007/02/14 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\PlayFirst
[2007/02/11 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\SampleView
[2009/02/01 19:23:11 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\TaxCut
[2010/04/04 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\TeamViewer
[2008/01/10 22:14:48 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Template
[2010/04/12 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\uTorrent
[2007/02/13 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\WildTangent
[2010/06/22 08:58:56 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/05/15 01:20:21 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/06/01 01:00:04 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Pbfulvngqd.job
[2010/06/22 08:56:05 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 20:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/22 08:57:47 | 1005,240,320 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 09:54:13 | 000,000,756 | ---- | M] () -- C:\InstallHelper.log
[2007/02/11 21:39:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/07 21:27:57 | 000,004,149 | -H-- | M] () -- C:\IPH.PH
[2007/02/11 22:22:50 | 000,000,148 | ---- | M] () -- C:\lxcz.log
[2007/02/11 21:39:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/22 08:57:45 | 1319,055,360 | -HS- | M] () -- C:\pagefile.sys
[2007/01/11 18:32:20 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2010/06/14 22:55:42 | 000,002,762 | ---- | M] () -- C:\rapport.txt
[2008/09/07 19:58:20 | 000,000,219 | -H-- | M] () -- C:\T4Metrics.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/01/29 08:58:20 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxczpp5c.dll
[2009/10/16 18:12:46 | 000,147,968 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdxdrpp.dll
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/06/13 19:40:56 | 000,085,504 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\System32\normnfci.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\Pbfulvngqd.job

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

Extras.txt
OTL Extras logfile created on: 6/22/2010 1:39:32 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Yesm125\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.10 Gb Total Space | 30.88 Gb Free Space | 30.24% Space Free | Partition Type: NTFS
Drive D: | 9.69 Gb Total Space | 4.45 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YESM125-PC
Current User Name: Yesm125
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-6110438-3837286715-127704199-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-6110438-3837286715-127704199-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CDF2CCD-200C-419E-B21C-75CBFEFD9665}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0F2CC7EC-B8A4-42A2-8795-63B74D98ACE4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{12B9041E-8361-4E1F-BBFF-7CD26281FE33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{14694FBF-8F0F-4061-AA86-6C7EEE1824C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{197A40D2-141D-4F03-989E-E5E9AE8A5C01}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{23115E3E-25BD-4CA6-86AD-077A170C8ED7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2A08F170-41C0-45A8-8812-7CD17CBCF9EF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{34BCDA51-D1EF-4550-BFF5-4284D36E7EC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{36A2F030-DA56-42DE-AE57-9A8602853337}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{3F520218-B75C-47C6-ACCD-C624BA0399EC}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{4045CB53-73AC-4B6D-BFE8-AF3A111F763E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4330DAAC-4714-4E85-8CE9-1441C9F861E9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{62C07E86-779B-4995-90F9-B8EFC456B8A5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E244A29-FBF9-4A44-AFA5-C89A45C15547}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6F2546F1-690E-49E2-9C74-314A9EBD9F56}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7694A370-0A60-43E8-8512-B5F9AB74BC95}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{841A855E-1AD4-47A2-B43E-44D8D86FB6B1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D6A1BC3-ACF4-4E7B-AA37-DBB2E3342814}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{959DC594-ACFE-454E-B198-4F274CFA5E8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC8FB995-1C56-46D4-82C3-B82196486355}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D800BD9C-4ADF-4CC7-AAF3-83A8D6E3173B}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{ED9B9235-7B00-4F87-B66E-84445C3B7E87}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01956D29-5FFA-4DF7-932C-3B5DB8228133}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{021293D8-E25E-436F-A7A1-147EA1B37E7E}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{0735FF27-8F92-4540-9824-1D438924950F}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{08832470-04BF-46E3-82C5-055D27210754}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{0F68F07C-CA00-4194-8B6F-6281BAD698C6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"{1182804E-0DC7-4AA4-B79F-8355E9D95A49}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{1209A93C-86D6-42C0-A274-CFE5FAFEFD9C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1B592600-141D-4A6A-BDDD-B272CE9D122B}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{1BFD7542-9C2A-438A-8452-736E066135A8}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{1C16825B-921C-4093-99C7-41A778395636}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{1C282C52-15BC-48ED-8E5C-F541D831C02A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2032A2FB-3834-4DF7-80F6-BC6E1720E3F0}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{2073561D-1C7D-452C-9B2A-6EDF89A83376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{30DDC9FD-F55E-4F1D-BC8E-4EF46A77CD00}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3126853C-4117-4122-9D58-3741C5FF416E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{31D47ABB-AF32-47E9-9EC1-A6374E75101E}" = protocol=6 | dir=out | app=system |
"{32A76F6B-D531-412A-BEF4-8BCDFC4887E0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{32AD3398-7E05-480B-8B5B-7DB4625A5B16}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3B2DA3B6-1F66-4CBB-9A44-7961C44F7FB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4153FDC5-CC81-476C-BAC2-AE9EAE9EAA6B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{42E0196E-698F-4FCB-9166-06FE3FD16C58}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{431EE256-4806-4163-8B6D-6ACE6022FCFB}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{47C03562-D421-4FB7-8683-9E35AA1A7249}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4BF54994-C8D3-431F-8205-0409CB5277AD}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{4E1B65E2-9050-4711-B1E9-03068F05353B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{504776F3-24B1-4AC6-8A37-7A4359C00738}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5165844B-7CC8-4D53-AD43-74864A3B6AD3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52FAE536-F923-446A-AA99-28F36D6B598C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{53DB3E25-BBD0-4122-8A61-F4C561506D62}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{54DB8B17-4EA1-4731-94BB-3CE82DBA1B97}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{588E53D9-F781-4AB5-994F-3BB5F921A0E1}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{6081022E-35D2-4E62-8705-A0CE356353BA}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcfg.exe |
"{60DAA90F-D7C1-4037-BA95-08B425C8AD78}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{62C572B3-BF3E-4BC8-8A17-0AC6423DBE6D}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{69C3B982-BB93-4C36-9F42-0F095D6BE262}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6E390112-48CC-48D9-B894-DF98E7AE0261}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EFA97E8-50BB-4571-B3EF-03B14C4D461E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{70903DC8-80CA-444B-B1E2-02907C2037A4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{74D0525D-D339-4FAD-95BD-DF9AC6901451}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{75878002-D298-48BF-977B-FB184072B97D}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{7B3063D1-349C-4641-ACB4-2C4A82EA136F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{7B839E70-73D4-40B3-87BA-70CA956253BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7DBCC0CE-37DD-4A25-8783-AE2DCD99E078}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{7DD093E5-D16C-44DE-ACD8-A8A70725AC67}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{857B74FA-A5C0-4D53-8072-6BEC9816153F}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{8716F27F-11E5-4335-8BCF-3D642930FA43}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{877E20E1-653D-4716-8965-F5D40E246E7E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"{895AE889-A585-404C-BF3C-ED65138D90AB}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{896FEB3D-63E5-40FC-A84F-D111E1F44F24}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{89FCA4AE-34B2-4876-BB55-1349E647E6AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8DF8212D-69DE-4B5B-B90B-4DDC3A9A3AEC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92D0D195-FEEE-42BC-816A-70F114E9F801}" = protocol=6 | dir=out | app=system |
"{9515F6F0-B5B5-4362-BDA9-30C3C5354B50}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9A125173-1DFC-41D0-BBC5-D5E6F9590474}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9AA9BB70-0241-45F1-BE0F-0CA19AB85CB7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{9AE6D5A3-3DAD-4094-B964-BF6169FBE3CE}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{9DE88908-8F41-4386-89AD-3C261B92D445}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
"{9F22C107-6CAA-40BF-9942-1BDEC3A49179}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A2F0048D-4319-4D44-AFD3-D95861379DA5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A5AC82EB-28E0-48E2-93C3-4A47057587DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A69754F4-B4A0-4BED-9F3E-205B8B9AFBA0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A8D1FFFA-13D1-4111-92B6-88C851694B5F}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{A97334D1-07A1-4B08-B708-440262D66935}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AB061C7E-C800-44C4-817E-07B94239648B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD33C088-0D26-4692-8D1E-4187C98F0A6F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{AD525036-EAF8-447A-B87D-23A69F36CC60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5C7EA73-B5AE-4FA4-8F03-AF230BCB9EB5}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BABAB2D2-505B-4754-BB82-B27F848C3B6A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{BC678593-CA87-4BB2-A9AC-20F1B72F3657}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BF7C7C43-3D2F-4311-998E-D05236B09E37}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{BF8581AE-E666-46A2-A7DA-B4523365D719}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C01108FB-C486-4ACF-8C85-FBB09B7417D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C205C4BF-738A-432E-9CA5-AD6D11054051}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C91C8EC5-6239-4580-ABC2-43F84DCD0AF9}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{C9C9D92F-DB4E-4C70-9BB0-1250EDD52191}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{CCFA3AF5-8E43-42D6-92C2-4D559CA15158}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{CF1D59CA-9196-48DC-B56E-B80B8567E9C2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{D0F926FD-D563-465D-9008-4BA802807B63}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1F44E57-F542-489C-BCD3-8BAD2D3C8453}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{D37211E2-7C1E-453D-93F8-52BFDA334DC8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D5A5B666-0B6D-4AB5-B938-566F439B200C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D65D3A52-DEF7-4E33-A4EB-F45B99ABAB8E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{D732E85B-C2FB-45B5-A1D2-840D16CFFCC0}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{D87A8218-BD33-45D0-995A-1FF0AB6FA956}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DB6A0D6A-2704-426F-8998-2647E1355FAF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{DCF7D2B9-B483-473B-B3C5-10FBFA44DF6F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DE5E9E69-44D0-4C5E-818A-BE83617CEE1D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E27E1486-8C76-490C-9C87-A1C3EB8DD6BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2AC00AA-B3C6-43EB-B8D8-B661075825AA}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{E47BD15C-1A3D-4BE6-BA5D-6F23741DFB19}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
"{E6E3327F-74FB-43E8-8300-077C5665169E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E9164B1A-63B3-414E-9DC7-5D665B45499C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E9C35EB1-444B-4083-B991-5A64AC737E7E}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{ECD84AA4-8362-4EB7-9F06-5B6F88DFAD7C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcfg.exe |
"{F322531C-61A7-4817-992E-2FF04C474DB6}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{F9CD5585-62BF-4873-9D0C-14F1BF77D19E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{034206F4-112A-4A5C-9616-F128826A523D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{098172AB-2CE5-4772-A7F9-D6F419463AE1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{0B4D418A-CE27-4E3F-91B6-DC593F756ADD}C:\program files\gateway games\jeopardy\jeopardy!.exe" = protocol=6 | dir=in | app=c:\program files\gateway games\jeopardy\jeopardy!.exe |
"TCP Query User{386D8D76-4D56-4558-AB65-ECD87CE59E40}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{4B20E8B1-6629-4FA7-AC52-E71C7DF5F664}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{66CD9DFC-8916-4618-B89D-AD1E213976F4}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"TCP Query User{A63659B0-28E7-48D0-9270-A7940DCB3BD0}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"TCP Query User{F7C133B8-59F2-4AC6-97D6-B81E7A549D59}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"UDP Query User{29B1E8A1-720B-474F-B52E-66906471AF8D}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{6402931E-6E87-4C8B-A519-247D2F5EE6C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{72003A89-BDE7-4E60-8495-61C7D9323A0C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{785ED2FC-14D7-48AD-A1C6-9832CE162ABD}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{8A121FC0-F2D2-490C-B0F2-3726A960F45F}C:\program files\gateway games\jeopardy\jeopardy!.exe" = protocol=17 | dir=in | app=c:\program files\gateway games\jeopardy\jeopardy!.exe |
"UDP Query User{C557CA58-7D5D-412E-9EA0-9504B7EE42B4}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"UDP Query User{D073E465-1A67-4B70-8861-921ECE0C33E7}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"UDP Query User{E0636799-B593-4F04-9255-512F48BA95CE}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01DA3FC4-CF94-4AAD-9127-C8F2E09F6E69}" = PowerArchiver 2010
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D4B3DEB-2E18-4B7F-9CCB-4816A55F4D87}_is1" = Home Photo Studio 2.45
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6141748-CA45-4F24-A519-2401F2CCA01D}" = TaxCut New Jersey 2008
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG 9.0
"AviSynth" = AviSynth 2.5
"BluffTitler" = BluffTitler
"Brain Bullet!" = Brain Bullet!
"BurnAware Free_is1" = BurnAware Free 2.4.5
"ewidoantimalware" = ewido anti-malware
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FotoWorks XL_is1" = FotoWorks XL
"Gateway Game Console" = Gateway Game Console
"Glary Utilities_is1" = Glary Utilities Pro 2.23.0.923
"Google Desktop" = Google Desktop
"HaaliMkx" = Haali Media Splitter
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"HyperSnap 6" = HyperSnap 6
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"Jam DVD Copy_is1" = Jam DVD Copy 4.0.0.2045
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nutri Wellness Plus V1.1" = Nutri Wellness Plus V1.1
"NVIDIA Drivers" = NVIDIA Drivers
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.257
"RealAlt_is1" = Real Alternative 1.8.4 Lite
"Simple Sticky Notes_is1" = Simple Sticky Notes Version 1.1
"Sonne DVD Burner_is1" = Sonne DVD Burner 4.3.0.2033
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"WinAce Archiver" = WinAce Archiver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT013189" = Diner Dash
"WT014944" = Bejeweled 2 Deluxe
"WT014952" = Penguins!
"WT014954" = Polar Bowler
"WT014956" = Polar Golfer
"WT014958" = Chuzzle Deluxe
"WT014960" = JEOPARDY
"WT014962" = SCRABBLE
"WT015732" = FATE
"WT015796" = Blasterball 3
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2010 9:22:01 AM | Computer Name = Yesm125-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 6/6/2010 4:16:04 PM | Computer Name = Yesm125-PC | Source = Application Error | ID = 1000
Description = Faulting application icacls.exe, version 6.0.6001.18000, time stamp
0x47918aee, faulting module icacls.exe, version 6.0.6001.18000, time stamp 0x47918aee,
exception code 0xc0000005, fault offset 0x00002154, process id 0x9d4, application
start time 0x01cb05b4ec6a386a.

Error - 6/6/2010 4:16:27 PM | Computer Name = Yesm125-PC | Source = Application Error | ID = 1000
Description = Faulting application icacls.exe, version 6.0.6001.18000, time stamp
0x47918aee, faulting module icacls.exe, version 6.0.6001.18000, time stamp 0x47918aee,
exception code 0xc0000005, fault offset 0x00002154, process id 0x690, application
start time 0x01cb05b521bb832a.

Error - 6/6/2010 4:52:15 PM | Computer Name = Yesm125-PC | Source = Google Update | ID = 20
Description =

Error - 6/6/2010 6:31:49 PM | Computer Name = Yesm125-PC | Source = Google Update | ID = 20
Description =

Error - 6/12/2010 8:02:55 PM | Computer Name = Yesm125-PC | Source = ZuneDriver | ID = 80837
Description =

Error - 6/12/2010 8:03:37 PM | Computer Name = Yesm125-PC | Source = WPDMTPDriver | ID = 80836
Description =

Error - 6/13/2010 10:48:31 AM | Computer Name = Yesm125-PC | Source = System Restore | ID = 8193
Description =

Error - 6/14/2010 10:51:54 PM | Computer Name = Yesm125-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/14/2010 10:55:47 PM | Computer Name = Yesm125-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 6/10/2009 8:56:48 PM | Computer Name = Yesm125-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 1/11/2008 10:14:46 AM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 723
seconds with 180 seconds of active time. This session ended with a crash.

Error - 6/24/2009 9:31:47 PM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 280519
seconds with 6480 seconds of active time. This session ended with a crash.

Error - 10/2/2009 8:45:17 PM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 408229
seconds with 2940 seconds of active time. This session ended with a crash.

Error - 10/25/2009 5:32:18 PM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 147470
seconds with 3780 seconds of active time. This session ended with a crash.

Error - 12/19/2009 8:31:55 PM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10806
seconds with 120 seconds of active time. This session ended with a crash.

Error - 3/18/2010 11:43:44 AM | Computer Name = Yesm125-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11810
seconds with 4440 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/21/2010 8:02:08 PM | Computer Name = Yesm125-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/21/2010 8:05:36 PM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 6/21/2010 8:05:36 PM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/21/2010 8:08:23 PM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/21/2010 8:08:23 PM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/21/2010 8:12:32 PM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/22/2010 8:57:10 AM | Computer Name = Yesm125-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/22/2010 8:57:45 AM | Computer Name = Yesm125-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/22/2010 9:01:20 AM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 6/22/2010 9:01:20 AM | Computer Name = Yesm125-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Running Gmer next; will post the log shortly.
  • 0

#4
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 15:22:45
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Yesm125\AppData\Local\Temp\pfldrfoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#5
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I hope Gmer was done properly. I'm running AVG and I believe it was conflicting with Gmer and sent me to a blue screen, so I rebooted into safe mode and ran Gmer.
  • 0

#6
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi,

Please follow these steps:

Step 1

You are using AVG, AVAST and McAfee.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

=========================================================================

You are still using ewido anti-malware; however, this program is not supported anymore. AVG bought it and it's used in AVG's software now, so you can actually remove ewido anti-malware.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Loaris Trojan Remover 1.2
HyperCam Toolbar


This one is optional; it came with other software you installed, but it could be the reason for your redirections. I suggest you remove it. Also see http://www.systemloo...bcore3_dll.html and http://www.systemloo...bcore3_dll.html

Step 2

Run OTL again
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/06/18 23:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
    [2010/06/13 17:27:05 | 017,659,198 | ---- | C] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
    [2010/04/20 10:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
    [2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\Pbfulvngqd.job
    [2010/06/13 19:40:56 | 000,085,504 | RHS- | M] () -- C:\Windows\System32\normnfci.dll
    [2010/06/13 17:35:42 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
    [2010/06/13 17:29:23 | 017,659,198 | ---- | M] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
    [2010/06/13 17:06:13 | 001,720,086 | ---- | M] () -- C:\Windows\System32\TmpA21970151
    [2010/06/13 19:41:09 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\Pbfulvngqd.job
    [2010/06/13 19:40:56 | 000,085,504 | RHS- | C] () -- C:\Windows\System32\normnfci.dll
    [2010/06/13 17:06:13 | 001,720,086 | ---- | C] () -- C:\Windows\System32\TmpA21970151
    [2010/04/20 10:50:00 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
    [2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Pbfulvngqd.job
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.

Also please tell me if this fixed your problem.
Maser00
  • 0
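The fix list in the post above uses OTL's file-entry line format. As an added example (not part of the thread and not OTL's own code), this Python sketch parses those lines, merges repeated paths case-insensitively, and lists entries that share several review-worthy traits. The trait set, `WATCHED_DIRS`, the `min_reasons` threshold and the reading of `C`/`M` as created/modified listings are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Lines copied from the fix list in the post above, plus one process (PRC)
# line from the scan log for contrast. Raw string: backslashes are literal.
SAMPLE = r"""
[2010/06/18 23:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2010/06/13 17:27:05 | 017,659,198 | ---- | C] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
[2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\Pbfulvngqd.job
[2010/06/13 19:40:56 | 000,085,504 | RHS- | M] () -- C:\Windows\System32\normnfci.dll
[2010/06/13 17:29:23 | 017,659,198 | ---- | M] (Loaris, Inc. ) -- C:\Users\Yesm125\Documents\loaristrojanremover.exe
[2010/06/13 17:06:13 | 001,720,086 | ---- | M] () -- C:\Windows\System32\TmpA21970151
[2010/06/13 19:41:09 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\Pbfulvngqd.job
[2010/06/13 19:40:56 | 000,085,504 | RHS- | C] () -- C:\Windows\System32\normnfci.dll
[2010/06/22 08:58:34 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Pbfulvngqd.job
PRC - [2010/06/22 08:20:09 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
"""

# [date time | size | attributes | C or M] (company) -- path
# The section prefix ("PRC - ") and the "(company)" field are both optional;
# folder entries in the fix list carry no company field at all.
ENTRY = re.compile(
    r"^(?:(?P<kind>[A-Z0-9]{2,4}) - )?"
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<stamp>[CM])\]"
    r" (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption: folders where a loose, unattributed file deserves a second look.
WATCHED_DIRS = ("c:\\windows\\system32", "c:\\windows\\tasks")


def parse_entries(text):
    """Return one dict per line that matches the file-entry format."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, blank lines, service lines etc. are skipped
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def merge_by_path(entries):
    """Collapse rows naming the same path (Windows paths ignore case)."""
    merged = OrderedDict()
    for e in entries:
        key = e["path"].lower()
        if key not in merged:
            merged[key] = dict(e, stamps={e["stamp"]}, rows=1)
        else:
            merged[key]["stamps"].add(e["stamp"])
            merged[key]["rows"] += 1
    return list(merged.values())


def triage(entry):
    """List the traits an entry has; traits are prompts for review, not verdicts."""
    if entry["is_dir"]:
        return []
    reasons = []
    if not entry["company"]:
        reasons.append("no company name")
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden+system")
    parent = entry["path"].lower().rsplit("\\", 1)[0]
    if parent in WATCHED_DIRS:
        reasons.append("directly in " + parent)
    return reasons


def review_list(text, min_reasons=2):
    """(path, rows, reasons) for merged entries with at least min_reasons traits."""
    out = []
    for e in merge_by_path(parse_entries(text)):
        reasons = triage(e)
        if len(reasons) >= min_reasons:
            out.append((e["path"], e["rows"], reasons))
    return out


if __name__ == "__main__":
    for path, rows, reasons in review_list(SAMPLE):
        print(f"{path}  (listed {rows}x): {', '.join(reasons)}")
```

Merging shows `Pbfulvngqd.job` listed three times under two spellings of the Tasks folder; a path named more than once can only be moved once, which is consistent with the "not found" lines in the fix log that follows.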

#7
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Only one log, not two.

All processes killed
========== OTL ==========
C:\ProgramData\App4rTemp\ThumbnailCache4R\LxThumbs\4f3b3109 folder moved successfully.
C:\ProgramData\App4rTemp\ThumbnailCache4R\LxThumbs folder moved successfully.
C:\ProgramData\App4rTemp\ThumbnailCache4R folder moved successfully.
C:\ProgramData\App4rTemp folder moved successfully.
C:\Users\Yesm125\Documents\loaristrojanremover.exe moved successfully.
C:\Program Files\Loaris\Trojan Remover\updates folder moved successfully.
C:\Program Files\Loaris\Trojan Remover\logs folder moved successfully.
C:\Program Files\Loaris\Trojan Remover folder moved successfully.
C:\Program Files\Loaris folder moved successfully.
C:\Windows\Tasks\Pbfulvngqd.job moved successfully.
C:\Windows\System32\normnfci.dll moved successfully.
File C:\Users\Public\Desktop\Loaris Trojan Remover.lnk not found.
File C:\Users\Yesm125\Documents\loaristrojanremover.exe not found.
C:\Windows\System32\TmpA21970151 moved successfully.
File C:\Windows\tasks\Pbfulvngqd.job not found.
File C:\Windows\System32\normnfci.dll not found.
File C:\Windows\System32\TmpA21970151 not found.
File C:\Users\Public\Desktop\Loaris Trojan Remover.lnk not found.
File C:\Windows\Tasks\Pbfulvngqd.job not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Yesm125
->Temp folder emptied: 124392323 bytes
->Temporary Internet Files folder emptied: 11744427 bytes
->Java cache emptied: 34295611 bytes
->FireFox cache emptied: 42428008 bytes
->Flash cache emptied: 2459 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 319085 bytes
RecycleBin emptied: 2473149 bytes

Total Files Cleaned = 206.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Yesm125
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.6.1 log created on 06232010_154343

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Press the Quick Scan button in OTL, like in the instructions. :) Still got redirections?
  • 0

#9
Francwaa

Francwaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Not from what I can tell, but the issue is sporadic yet persistent.

OTL logfile created on: 6/23/2010 6:07:40 PM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = c:\Users\Yesm125\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 126.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.10 Gb Total Space | 29.80 Gb Free Space | 29.18% Space Free | Partition Type: NTFS
Drive D: | 9.69 Gb Total Space | 4.45 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YESM125-PC
Current User Name: Yesm125
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/22 13:29:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Yesm125\Downloads\OTL.exe
PRC - [2010/06/22 08:20:09 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 08:20:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 08:20:02 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 08:19:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 08:19:45 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 08:19:43 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 08:19:39 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 08:19:35 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/06/22 08:19:35 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 08:19:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 08:19:31 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/02 17:06:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/16 18:12:38 | 000,749,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe
PRC - [2009/10/16 18:12:38 | 000,700,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe
PRC - [2009/10/16 18:00:52 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdxserv.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/25 12:55:49 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/03/20 02:25:43 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/03/20 02:25:42 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2007/01/29 18:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/22 13:29:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Yesm125\Downloads\OTL.exe
MOD - [2010/06/22 08:20:02 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [Auto | Stopped] -- -- (McProxy)
SRV - [2010/06/22 08:19:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 08:19:43 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/22 08:19:39 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 08:19:35 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/04/19 10:25:46 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/03/18 05:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/12/03 20:26:10 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/16 18:00:52 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 18:59:36 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/29 18:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 00:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/06/22 08:20:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 08:19:51 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/06/22 08:19:51 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/06/22 08:19:51 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/06/22 08:19:51 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/06/22 08:19:35 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/18 18:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/18 14:41:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/06/18 14:39:11 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/01 15:00:45 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/03/23 02:17:06 | 001,170,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2010/03/11 05:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 18:04:02 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/26 11:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/07/26 11:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/01/02 04:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/28 03:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/09/29 05:29:42 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/09/15 12:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:4.1.12s
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/18 18:25:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/18 14:42:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/01 12:55:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/01 12:55:33 | 000,000,000 | ---D | M]

[2010/03/05 20:35:55 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Extensions
[2010/06/23 15:21:10 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions
[2010/03/17 13:03:56 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2010/04/27 13:13:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 13:03:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/17 13:03:55 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/05/06 08:49:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/20 09:10:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/20 09:10:06 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/17 12:32:07 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/16 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\SkipScreen@SkipScreen
[2010/06/12 08:56:23 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/03/17 10:11:01 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\[email protected]
[2010/06/14 09:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/15 10:08:15 | 000,404,392 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13984 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\bae.dll (Gateway Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Yesm125\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yesm125\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e69a84e3-a18d-11de-a59d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{e69a84e3-a18d-11de-a59d-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/23 15:43:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/22 08:20:02 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/21 22:40:44 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/21 20:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/06/21 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/20 17:37:57 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\gtk-2.0
[2010/06/20 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.thumbnails
[2010/06/20 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.gimp-2.6
[2010/06/20 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\gegl-0.0
[2010/06/20 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/06/20 16:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/06/20 16:51:53 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Paint.NET
[2010/06/18 20:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\ewido anti-malware
[2010/06/18 19:50:33 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\AVG9
[2010/06/18 15:03:05 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\AVG Security Toolbar
[2010/06/18 14:43:03 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/18 14:43:01 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/18 14:42:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/06/18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/06/18 14:41:08 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/18 14:41:07 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/18 14:41:05 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/18 14:39:10 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/06/18 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/18 14:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/18 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Yahoo!
[2010/06/17 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Outerspace Software
[2010/06/17 09:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\BluffTitler
[2010/06/17 09:31:35 | 000,000,000 | ---D | C] -- C:\Outerspace Software
[2010/06/15 17:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\Simnet
[2010/06/15 09:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/06/15 09:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/14 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Desktop\SmitfraudFix
[2010/06/14 11:03:09 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/14 11:03:09 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/14 11:03:09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/14 11:03:09 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/14 11:03:07 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/14 11:01:59 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/14 11:01:59 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/06/14 11:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/14 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/06/13 10:55:56 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Tracing
[2010/06/13 10:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/06/13 10:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/13 10:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/13 10:46:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/13 10:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/13 10:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/13 10:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/13 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\{d3623ad7-c9f1-419b-bb72-b434aa8d73c5}
[2010/06/11 08:53:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/06 16:17:48 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\{239ce63c-7c7d-46c4-8aa6-a2e40009a3ea}
[2010/06/06 15:11:11 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Faces
[2010/06/05 11:00:05 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\CyberLink
[2010/06/05 11:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/06/03 12:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Brain Bullet!
[2010/06/03 12:09:24 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\IN-MEDIAKG
[2010/06/03 12:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\FotoWorksXL
[2010/06/03 12:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg
[2010/06/02 17:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Recovery Magic
[2010/06/01 23:18:01 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/06/01 13:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Home Photo Studio
[2010/06/01 12:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/01 12:52:50 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/06/01 12:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/05/30 13:26:38 | 000,000,000 | R--D | C] -- C:\Program Files\TypingMaster
[2010/05/28 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\GlarySoft
[2010/05/28 08:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/05/27 09:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2010/05/27 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jam DVD Copy
[2010/05/27 09:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Jam DVD Copy
[2010/05/27 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2010/05/27 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\SecurityScans
[2010/05/27 08:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/05/25 03:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/24 11:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/24 11:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/24 11:06:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 14:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/19 14:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/19 14:44:48 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/19 14:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/18 17:38:47 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Malwarebytes
[2010/05/18 17:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/18 17:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/18 17:38:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/18 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 20:31:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/22 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\IObit
[2010/04/22 16:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/21 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2010/04/20 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2010/04/12 17:39:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\custom matrices
[2010/04/12 17:39:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/04/12 09:59:44 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/04/12 09:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010/04/10 22:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2010/04/10 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2010/04/10 17:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/10 16:20:36 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\IsolatedStorage
[2010/04/07 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Local\Real
[2010/04/07 17:09:13 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\Real
[2010/04/07 17:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/04/07 17:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonne DVD Burner
[2010/04/07 17:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sonne DVD Burner
[2010/04/04 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\AppData\Roaming\TeamViewer
[2010/04/04 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/01 00:15:24 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/03/29 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\SPSSInc
[2010/03/29 12:43:34 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\The Struggles
[2010/03/28 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\Documents\SafeNet Sentinel
[2010/03/28 20:53:49 | 000,000,000 | ---D | C] -- C:\Users\Yesm125\.spss
[2010/03/28 13:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2010/03/28 13:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS
[2010/03/28 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
[2010/03/28 13:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\SPSSInc
[2010/03/27 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2009/10/16 15:27:52 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll
[2009/03/01 21:23:42 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2009/03/01 21:23:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2009/03/01 21:23:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2009/03/01 21:23:41 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2009/03/01 21:23:41 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2009/03/01 21:23:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2009/03/01 21:23:39 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2009/03/01 21:23:39 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2009/03/01 21:23:38 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2009/03/01 21:23:35 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2009/03/01 21:23:35 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2006/12/20 23:08:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2006/12/20 23:06:58 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2006/12/20 23:01:04 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2006/12/20 22:59:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2006/12/20 22:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2006/12/20 22:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2006/12/20 22:54:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2006/12/20 22:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2006/12/20 22:47:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2006/12/20 22:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2006/12/20 22:42:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Users\Yesm125\Documents\*.tmp files -> C:\Users\Yesm125\Documents\*.tmp -> ]
[1 C:\Users\Yesm125\*.tmp files -> C:\Users\Yesm125\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/23 18:15:12 | 009,437,184 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat
[2010/06/23 17:56:46 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 17:56:46 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/23 17:49:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 16:00:45 | 000,042,621 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\nvModes.001
[2010/06/23 15:57:12 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/06/23 15:57:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/23 15:56:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/23 15:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/23 15:56:00 | 1003,151,360 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/23 15:54:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/23 15:53:25 | 000,524,288 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat{2e08add6-87af-11de-95e3-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010/06/23 15:53:25 | 000,065,536 | -HS- | M] () -- C:\Users\Yesm125\ntuser.dat{2e08add6-87af-11de-95e3-00038a000015}.TM.blf
[2010/06/23 12:26:47 | 061,357,259 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/23 12:22:06 | 000,091,136 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/23 10:20:52 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/23 09:41:23 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/23 09:41:22 | 000,755,222 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/23 09:41:22 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/23 09:39:44 | 000,042,621 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\nvModes.dat
[2010/06/22 15:37:01 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/22 08:20:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/22 08:20:02 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/22 08:19:51 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/22 08:19:35 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/21 22:41:41 | 000,003,460 | ---- | M] () -- C:\Windows\System32\log.xml
[2010/06/21 22:40:44 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/06/20 23:26:19 | 000,058,368 | ---- | M] () -- C:\Users\Yesm125\Desktop\APP2ymelo.doc
[2010/06/20 23:26:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Desktop\~$P2ymelo.doc
[2010/06/20 17:55:15 | 000,000,841 | ---- | M] () -- C:\Users\Yesm125\.recently-used.xbel
[2010/06/20 17:18:12 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/20 16:55:10 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/06/18 22:50:57 | 000,000,357 | ---- | M] () -- C:\Users\Yesm125\Desktop\Downloads - Shortcut.lnk
[2010/06/18 22:50:03 | 000,000,357 | ---- | M] () -- C:\Users\Yesm125\Downloads - Shortcut.lnk
[2010/06/18 18:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/18 14:43:22 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/06/18 14:43:01 | 000,597,578 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/18 14:42:59 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/18 14:41:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/06/18 14:39:11 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/06/17 09:31:47 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\BluffTitler.lnk
[2010/06/16 13:35:08 | 000,111,490 | ---- | M] () -- C:\Users\Yesm125\Documents\NoHassleAutoSale ad.docx
[2010/06/15 17:05:18 | 000,000,961 | ---- | M] () -- C:\Users\Yesm125\Desktop\Simple Sticky Notes.lnk
[2010/06/15 10:11:06 | 000,001,109 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/15 10:11:06 | 000,001,085 | ---- | M] () -- C:\Users\Yesm125\Desktop\Spybot - Search & Destroy.lnk
[2010/06/15 10:08:15 | 000,404,392 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/14 22:53:30 | 000,000,691 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\GetValue.vbs
[2010/06/14 22:53:30 | 000,000,035 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\SetValue.bat
[2010/06/14 22:53:29 | 000,004,238 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/06/14 22:53:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100615-100815.backup
[2010/06/14 11:03:09 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/14 11:03:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/11 12:53:23 | 000,240,992 | ---- | M] () -- C:\Users\Yesm125\Documents\VIRUS REMOVAL ad.docx
[2010/06/11 03:47:51 | 000,303,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 22:28:23 | 000,030,222 | ---- | M] () -- C:\Users\Yesm125\Documents\lifespan week one discussion.docx
[2010/06/05 10:59:39 | 000,000,289 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\burnaware.ini
[2010/06/05 08:41:13 | 000,015,296 | ---- | M] () -- C:\Users\Yesm125\Documents\Go to Google sEARCH qUERIES.docx
[2010/06/03 13:24:34 | 180,486,144 | ---- | M] () -- C:\Users\Yesm125\Documents\Resume Maker.iso
[2010/06/03 12:40:15 | 000,001,679 | ---- | M] () -- C:\Users\Yesm125\Desktop\Brain Bullet!.lnk
[2010/06/03 12:09:29 | 000,000,840 | ---- | M] () -- C:\Users\Yesm125\Desktop\FotoWorksXL.lnk
[2010/06/02 17:13:01 | 000,000,857 | ---- | M] () -- C:\Users\Yesm125\Desktop\RAR Password Recovery Magic.lnk
[2010/06/02 00:09:18 | 000,029,959 | ---- | M] () -- C:\Users\Yesm125\Documents\Tuneup Vista with these Windows Vista Performance Tweaks.docx
[2010/06/01 17:33:20 | 000,073,552 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/01 13:18:39 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2010/06/01 13:08:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/01 13:08:04 | 000,000,088 | RHS- | M] () -- C:\ProgramData\3C91D16FB8.sys
[2010/06/01 01:00:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/31 15:17:42 | 000,021,504 | ---- | M] () -- C:\Users\Yesm125\Documents\STATS WEEK 12.xls
[2010/05/30 13:34:15 | 000,000,024 | ---- | M] () -- C:\Users\Yesm125\AppData\Roaming\MyPhrases.dta
[2010/05/30 13:27:04 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2010/05/30 13:27:04 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\TypingMaster Pro User Manager.lnk
[2010/05/28 08:50:29 | 000,000,797 | ---- | M] () -- C:\Users\Yesm125\Desktop\Glary Utilities.lnk
[2010/05/27 09:59:40 | 000,000,787 | ---- | M] () -- C:\Users\Yesm125\Desktop\HyperSnap 6.lnk
[2010/05/27 09:32:02 | 000,000,748 | ---- | M] () -- C:\Users\Yesm125\Desktop\Jam DVD Copy.lnk
[2010/05/27 08:26:39 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/25 03:25:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/25 03:25:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/24 00:50:42 | 000,311,296 | ---- | M] () -- C:\Users\Yesm125\Documents\FINAL PROJECT STATITTCIS.doc
[2010/05/23 20:29:57 | 000,026,329 | ---- | M] () -- C:\Users\Yesm125\Documents\Chapter 12 week 9.docx
[2010/05/23 20:24:00 | 000,033,969 | ---- | M] () -- C:\Users\Yesm125\Desktop\FREQUENCY DISTRIBUTION.spv
[2010/05/23 19:10:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$apter 12 week 9.docx
[2010/05/22 18:05:05 | 000,037,030 | ---- | M] () -- C:\Users\Yesm125\Desktop\ANOVA.spv
[2010/05/22 17:42:14 | 000,012,777 | ---- | M] () -- C:\Users\Yesm125\Desktop\T TEST STATS.spv
[2010/05/22 17:30:01 | 000,012,657 | ---- | M] () -- C:\Users\Yesm125\Documents\STATISTICS TEST RUNNING.docx
[2010/05/22 17:30:01 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$ATISTICS TEST RUNNING.docx
[2010/05/19 22:49:00 | 000,005,989 | ---- | M] () -- C:\Users\Yesm125\Documents\howell data set into spss.sav
[2010/05/19 22:41:07 | 000,005,989 | ---- | M] () -- C:\Users\Yesm125\Documents\howell data set.sav
[2010/05/19 19:24:35 | 000,023,535 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs for sale.docx
[2010/05/19 14:44:58 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/18 17:38:22 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/15 01:20:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/11 18:16:19 | 000,020,518 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Fanfare for the Common man.docx
[2010/05/10 21:38:47 | 000,022,602 | ---- | M] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Animals without oxygen.docx
[2010/05/10 13:11:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/04 09:30:02 | 000,199,513 | ---- | M] () -- C:\Users\Yesm125\Documents\FPC Resume.pdf
[2010/05/04 09:29:42 | 000,042,714 | ---- | M] () -- C:\Users\Yesm125\Documents\FPC Resume.docx
[2010/05/04 09:29:42 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$C Resume.docx
[2010/05/03 10:25:32 | 000,671,874 | ---- | M] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.pdf
[2010/05/03 10:23:56 | 000,610,156 | ---- | M] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.docx
[2010/04/30 20:04:23 | 127,375,890 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 13:59:59 | 000,000,134 | ---- | M] () -- C:\Users\Yesm125\Desktop\Windows Mobility Center - Shortcut.lnk
[2010/04/29 13:52:20 | 000,000,208 | ---- | M] () -- C:\Users\Yesm125\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2010/04/27 18:25:13 | 000,542,856 | ---- | M] () -- C:\Users\Yesm125\Documents\2009 Melo Y Form 1040 Individual Tax Return.tax2009
[2010/04/22 17:00:05 | 000,001,038 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/04/22 17:00:04 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/21 17:42:31 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010/04/20 10:06:16 | 000,000,178 | ---- | M] () -- C:\Users\Yesm125\Desktop\Buy RAR Password Recovery Now!.url
[2010/04/20 08:58:25 | 000,000,680 | ---- | M] () -- C:\Users\Yesm125\AppData\Local\d3d9caps.dat
[2010/04/18 20:01:35 | 000,042,496 | ---- | M] () -- C:\Users\Yesm125\Documents\week 6 questions..doc
[2010/04/16 16:03:56 | 000,000,480 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp1
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp4
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp3
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp2
[2010/04/16 16:03:54 | 000,000,000 | ---- | M] () -- C:\Users\Yesm125\Documents\error.rp0
[2010/04/13 11:52:05 | 000,163,154 | ---- | M] () -- C:\Users\Yesm125\Documents\Tax Update Y_MELO.pdf
[2010/04/12 10:17:30 | 000,000,086 | ---- | M] () -- C:\Windows\wininit.ini
[2010/04/11 07:45:47 | 004,171,697 | ---- | M] () -- C:\Users\Yesm125\Documents\Untitled.wma
[2010/04/11 07:45:43 | 000,032,103 | -H-- | M] () -- C:\Users\Yesm125\Documents\Folder.jpg
[2010/04/11 07:45:43 | 000,032,103 | -H-- | M] () -- C:\Users\Yesm125\Documents\AlbumArt_{65DCB901-EEBE-4324-9E71-F16F0BC663FA}_Large.jpg
[2010/04/11 02:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/04/11 02:27:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_winusb_01009.Wdf
[2010/04/11 02:27:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/10 22:11:19 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/04/10 16:46:06 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/09 22:57:16 | 000,000,943 | ---- | M] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/08 23:35:39 | 000,160,998 | ---- | M] () -- C:\Users\Yesm125\Documents\Myron Confirmation.pdf
[2010/04/08 14:58:19 | 001,141,760 | ---- | M] () -- C:\Users\Yesm125\Documents\Network.doc
[2010/04/08 14:58:19 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$etwork.doc
[2010/04/08 14:30:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/07 17:07:35 | 000,000,761 | ---- | M] () -- C:\Users\Yesm125\Desktop\Sonne DVD Burner.lnk
[2010/04/05 18:28:34 | 000,188,416 | ---- | M] () -- C:\Users\Yesm125\Documents\Candidate_Info_Sheet_Charlot.doc
[2010/04/05 18:27:05 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$ndidate_Info_Sheet_Charlot.doc
[2010/04/04 19:31:32 | 000,047,616 | ---- | M] () -- C:\Users\Yesm125\Documents\app4ymelo.......doc
[2010/04/04 19:31:32 | 000,000,162 | -H-- | M] () -- C:\Users\Yesm125\Documents\~$p4ymelo.......doc
[2010/04/04 16:07:21 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/02 16:14:23 | 000,040,324 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/01 12:03:55 | 000,000,572 | ---- | M] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut.lnk
[2010/04/01 12:03:55 | 000,000,572 | ---- | M] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut - Copy.lnk
[2010/04/01 00:59:36 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/03/31 20:36:23 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/03/31 20:35:31 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/03/29 22:49:30 | 000,043,520 | ---- | M] () -- C:\Users\Yesm125\Documents\app3YMELO.doc
[2010/03/29 22:09:21 | 000,018,544 | ---- | M] () -- C:\Users\Yesm125\Documents\STATS 3.27.10.docx
[2010/03/28 13:47:28 | 000,000,114 | ---- | M] () -- C:\Windows\System32\prsgrc.tgz
[2010/03/28 13:47:25 | 000,001,024 | ---- | M] () -- C:\Windows\System32\grcauth2.dll
[2010/03/28 13:47:24 | 000,001,024 | ---- | M] () -- C:\Windows\System32\grcauth1.dll
[2010/03/28 13:47:24 | 000,000,100 | ---- | M] () -- C:\Windows\System32\prsgrc.dll
[2010/03/28 12:57:54 | 000,000,016 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2010/03/28 12:57:53 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010/03/28 12:57:50 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010/03/28 12:57:39 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010/03/28 12:57:38 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010/03/26 09:47:17 | 000,003,418 | ---- | M] () -- C:\Users\Yesm125\Documents\survey_software_results.html
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\Users\Yesm125\Documents\*.tmp files -> C:\Users\Yesm125\Documents\*.tmp -> ]
[1 C:\Users\Yesm125\*.tmp files -> C:\Users\Yesm125\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 10:20:52 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/06/22 15:23:56 | 1003,151,360 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/22 14:04:08 | 000,293,376 | ---- | C] () -- C:\Users\Yesm125\Desktop\gmer.exe
[2010/06/21 22:41:40 | 000,003,460 | ---- | C] () -- C:\Windows\System32\log.xml
[2010/06/21 20:25:24 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/06/20 23:26:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Desktop\~$P2ymelo.doc
[2010/06/20 23:26:08 | 000,058,368 | ---- | C] () -- C:\Users\Yesm125\Desktop\APP2ymelo.doc
[2010/06/20 17:55:15 | 000,000,841 | ---- | C] () -- C:\Users\Yesm125\.recently-used.xbel
[2010/06/20 17:18:12 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/20 16:55:10 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/06/18 22:50:57 | 000,000,357 | ---- | C] () -- C:\Users\Yesm125\Desktop\Downloads - Shortcut.lnk
[2010/06/18 22:50:03 | 000,000,357 | ---- | C] () -- C:\Users\Yesm125\Downloads - Shortcut.lnk
[2010/06/18 14:43:22 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/06/18 14:42:59 | 000,597,578 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/06/18 14:42:59 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/06/18 14:42:54 | 061,357,259 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/17 09:31:47 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\BluffTitler.lnk
[2010/06/16 13:34:47 | 000,111,490 | ---- | C] () -- C:\Users\Yesm125\Documents\NoHassleAutoSale ad.docx
[2010/06/15 17:05:18 | 000,000,961 | ---- | C] () -- C:\Users\Yesm125\Desktop\Simple Sticky Notes.lnk
[2010/06/15 09:57:03 | 000,001,109 | ---- | C] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/15 09:57:03 | 000,001,085 | ---- | C] () -- C:\Users\Yesm125\Desktop\Spybot - Search & Destroy.lnk
[2010/06/14 22:53:30 | 000,000,691 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\GetValue.vbs
[2010/06/14 22:53:30 | 000,000,035 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\SetValue.bat
[2010/06/14 22:53:29 | 000,004,238 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/06/14 11:03:09 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/13 10:05:10 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/06/13 10:00:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2010/06/11 12:53:16 | 000,240,992 | ---- | C] () -- C:\Users\Yesm125\Documents\VIRUS REMOVAL ad.docx
[2010/06/09 22:28:22 | 000,030,222 | ---- | C] () -- C:\Users\Yesm125\Documents\lifespan week one discussion.docx
[2010/06/05 08:41:10 | 000,015,296 | ---- | C] () -- C:\Users\Yesm125\Documents\Go to Google sEARCH qUERIES.docx
[2010/06/03 13:17:30 | 180,486,144 | ---- | C] () -- C:\Users\Yesm125\Documents\Resume Maker.iso
[2010/06/03 12:40:15 | 000,001,679 | ---- | C] () -- C:\Users\Yesm125\Desktop\Brain Bullet!.lnk
[2010/06/03 12:09:29 | 000,000,840 | ---- | C] () -- C:\Users\Yesm125\Desktop\FotoWorksXL.lnk
[2010/06/02 17:13:01 | 000,000,857 | ---- | C] () -- C:\Users\Yesm125\Desktop\RAR Password Recovery Magic.lnk
[2010/06/02 00:08:48 | 000,029,959 | ---- | C] () -- C:\Users\Yesm125\Documents\Tuneup Vista with these Windows Vista Performance Tweaks.docx
[2010/06/01 13:18:39 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Home Photo Studio.lnk
[2010/06/01 12:57:57 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3C91D16FB8.sys
[2010/06/01 12:57:56 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/31 19:17:45 | 000,000,572 | ---- | C] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut - Copy.lnk
[2010/05/31 15:17:41 | 000,021,504 | ---- | C] () -- C:\Users\Yesm125\Documents\STATS WEEK 12.xls
[2010/05/30 13:34:15 | 000,000,024 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\MyPhrases.dta
[2010/05/30 13:27:04 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2010/05/30 13:27:04 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\TypingMaster Pro User Manager.lnk
[2010/05/28 08:50:45 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/05/28 08:50:29 | 000,000,797 | ---- | C] () -- C:\Users\Yesm125\Desktop\Glary Utilities.lnk
[2010/05/27 09:59:40 | 000,000,787 | ---- | C] () -- C:\Users\Yesm125\Desktop\HyperSnap 6.lnk
[2010/05/27 09:32:02 | 000,000,748 | ---- | C] () -- C:\Users\Yesm125\Desktop\Jam DVD Copy.lnk
[2010/05/27 08:26:39 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[2010/05/25 03:25:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/25 03:25:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/24 00:50:38 | 000,311,296 | ---- | C] () -- C:\Users\Yesm125\Documents\FINAL PROJECT STATITTCIS.doc
[2010/05/23 20:18:56 | 000,033,969 | ---- | C] () -- C:\Users\Yesm125\Desktop\FREQUENCY DISTRIBUTION.spv
[2010/05/23 19:10:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$apter 12 week 9.docx
[2010/05/22 18:05:05 | 000,037,030 | ---- | C] () -- C:\Users\Yesm125\Desktop\ANOVA.spv
[2010/05/22 17:42:14 | 000,012,777 | ---- | C] () -- C:\Users\Yesm125\Desktop\T TEST STATS.spv
[2010/05/22 17:30:01 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$ATISTICS TEST RUNNING.docx
[2010/05/22 17:30:00 | 000,012,657 | ---- | C] () -- C:\Users\Yesm125\Documents\STATISTICS TEST RUNNING.docx
[2010/05/20 21:29:41 | 000,026,329 | ---- | C] () -- C:\Users\Yesm125\Documents\Chapter 12 week 9.docx
[2010/05/19 22:49:00 | 000,005,989 | ---- | C] () -- C:\Users\Yesm125\Documents\howell data set into spss.sav
[2010/05/19 22:41:06 | 000,005,989 | ---- | C] () -- C:\Users\Yesm125\Documents\howell data set.sav
[2010/05/19 19:24:32 | 000,023,535 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs for sale.docx
[2010/05/19 14:44:57 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/18 17:38:22 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 08:36:39 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/05/11 18:16:18 | 000,020,518 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Fanfare for the Common man.docx
[2010/05/10 21:36:32 | 000,022,602 | ---- | C] () -- C:\Users\Yesm125\Documents\Isaiah Gibbs Animals without oxygen.docx
[2010/05/10 13:11:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/05/04 12:36:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/05/04 09:29:57 | 000,199,513 | ---- | C] () -- C:\Users\Yesm125\Documents\FPC Resume.pdf
[2010/05/04 09:29:42 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$C Resume.docx
[2010/05/04 09:29:37 | 000,042,714 | ---- | C] () -- C:\Users\Yesm125\Documents\FPC Resume.docx
[2010/05/03 10:25:26 | 000,671,874 | ---- | C] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.pdf
[2010/05/03 10:23:46 | 000,610,156 | ---- | C] () -- C:\Users\Yesm125\Documents\Things you can do on SPSS 17.docx
[2010/04/29 13:59:59 | 000,000,134 | ---- | C] () -- C:\Users\Yesm125\Desktop\Windows Mobility Center - Shortcut.lnk
[2010/04/29 13:52:20 | 000,000,208 | ---- | C] () -- C:\Users\Yesm125\Desktop\NVIDIA Control Panel - Shortcut.lnk
[2010/04/22 17:00:05 | 000,001,038 | ---- | C] () -- C:\Users\Yesm125\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/04/22 17:00:04 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/21 18:26:07 | 000,000,289 | ---- | C] () -- C:\Users\Yesm125\AppData\Roaming\burnaware.ini
[2010/04/21 17:42:31 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010/04/20 10:06:16 | 000,000,178 | ---- | C] () -- C:\Users\Yesm125\Desktop\Buy RAR Password Recovery Now!.url
[2010/04/18 20:01:31 | 000,042,496 | ---- | C] () -- C:\Users\Yesm125\Documents\week 6 questions..doc
[2010/04/16 16:03:54 | 000,000,480 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp1
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp4
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp3
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp2
[2010/04/16 16:03:54 | 000,000,000 | ---- | C] () -- C:\Users\Yesm125\Documents\error.rp0
[2010/04/13 11:51:55 | 000,163,154 | ---- | C] () -- C:\Users\Yesm125\Documents\Tax Update Y_MELO.pdf
[2010/04/12 11:48:34 | 000,032,103 | -H-- | C] () -- C:\Users\Yesm125\Documents\Folder.jpg
[2010/04/12 11:48:34 | 000,032,103 | -H-- | C] () -- C:\Users\Yesm125\Documents\AlbumArt_{65DCB901-EEBE-4324-9E71-F16F0BC663FA}_Large.jpg
[2010/04/12 10:17:29 | 000,000,086 | ---- | C] () -- C:\Windows\wininit.ini
[2010/04/11 02:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/04/11 02:27:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_winusb_01009.Wdf
[2010/04/11 02:27:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/04/10 22:11:19 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/04/10 21:33:32 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/04/10 20:56:27 | 000,542,856 | ---- | C] () -- C:\Users\Yesm125\Documents\2009 Melo Y Form 1040 Individual Tax Return.tax2009
[2010/04/10 16:46:06 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/09 22:42:20 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/08 23:33:00 | 000,160,998 | ---- | C] () -- C:\Users\Yesm125\Documents\Myron Confirmation.pdf
[2010/04/08 14:58:19 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$etwork.doc
[2010/04/08 14:57:09 | 001,141,760 | ---- | C] () -- C:\Users\Yesm125\Documents\Network.doc
[2010/04/08 14:30:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/07 17:07:35 | 000,000,761 | ---- | C] () -- C:\Users\Yesm125\Desktop\Sonne DVD Burner.lnk
[2010/04/05 18:27:05 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$ndidate_Info_Sheet_Charlot.doc
[2010/04/05 18:27:02 | 000,188,416 | ---- | C] () -- C:\Users\Yesm125\Documents\Candidate_Info_Sheet_Charlot.doc
[2010/04/04 19:31:32 | 000,000,162 | -H-- | C] () -- C:\Users\Yesm125\Documents\~$p4ymelo.......doc
[2010/04/04 19:31:30 | 000,047,616 | ---- | C] () -- C:\Users\Yesm125\Documents\app4ymelo.......doc
[2010/04/04 16:07:21 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010/04/02 03:04:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/02 03:04:38 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/04/01 12:03:55 | 000,000,572 | ---- | C] () -- C:\Users\Yesm125\Desktop\hjsplit - Shortcut.lnk
[2010/04/01 11:22:26 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/04/01 11:22:21 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/04/01 11:22:00 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/04/01 11:21:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/01 11:21:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/01 11:21:51 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/04/01 11:21:49 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/04/01 11:21:39 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/04/01 11:21:02 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/01 11:20:57 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/04/01 11:18:45 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/04/01 11:18:27 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/03/29 22:49:25 | 000,043,520 | ---- | C] () -- C:\Users\Yesm125\Documents\app3YMELO.doc
[2010/03/28 22:54:28 | 000,018,544 | ---- | C] () -- C:\Users\Yesm125\Documents\STATS 3.27.10.docx
[2010/03/28 13:47:25 | 000,000,114 | ---- | C] () -- C:\Windows\System32\prsgrc.tgz
[2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/03/28 13:47:24 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/03/28 13:47:24 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/03/28 12:57:39 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2010/03/28 12:57:39 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2010/03/28 12:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/03/28 12:57:37 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/03/28 12:57:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\servdat.slm
[2010/03/26 09:27:25 | 000,003,418 | ---- | C] () -- C:\Users\Yesm125\Documents\survey_software_results.html
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/05 21:42:08 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/03/01 21:34:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2009/03/01 21:30:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2009/03/01 21:30:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2009/03/01 21:30:05 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2009/03/01 21:28:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/03/01 21:28:58 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/03/01 21:28:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/03/01 21:28:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/03/01 21:24:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2009/03/01 21:23:43 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/02/11 21:45:48 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2007/02/11 21:37:53 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/11 19:01:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/29 20:59:10 | 000,029,919 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/03/27 17:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/01/10 23:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 23:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2002/05/17 18:18:30 | 000,124,928 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll

========== LOP Check ==========

[2009/03/01 23:56:21 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Avery
[2010/06/18 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\AVG9
[2010/04/04 17:49:01 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Elluminate
[2010/06/06 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Faces
[2010/05/28 09:18:38 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\GlarySoft
[2010/06/20 17:37:57 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\gtk-2.0
[2010/06/03 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\IN-MEDIAKG
[2010/05/13 08:54:14 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\IObit
[2009/06/05 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Leadertech
[2009/04/12 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Lexmark Productivity Studio
[2010/06/17 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Outerspace Software
[2007/02/14 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\PlayFirst
[2007/02/11 20:54:24 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\SampleView
[2009/02/01 19:23:11 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\TaxCut
[2010/04/04 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\TeamViewer
[2008/01/10 22:14:48 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\Template
[2010/04/12 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\uTorrent
[2007/02/13 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\Yesm125\AppData\Roaming\WildTangent
[2010/06/23 15:57:12 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/05/15 01:20:21 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/06/01 01:00:04 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/06/23 15:54:31 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#10
Aaron


  • Expert
  • 3,155 posts
Hi,

Avast and AVG are both still active :) You can use this tool to clean up leftovers from McAfee: http://service.mcafe...spx?id=TS100507

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#11
Francwaa


  • Topic Starter
  • Member
  • 13 posts
Haven't noticed any redirection lately. Could this mean I'm cured?


ComboFix 10-06-25.01 - Yesm125 06/25/2010 14:35:48.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.179 [GMT -4:00]
Running from: c:\users\Yesm125\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Windows
c:\users\Yesm125\AppData\Roaming\Microsoft\Windows\Recent\APP8Meloy....doc
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\tmp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-25 18:51 . 2010-06-25 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-25 18:18 . 2010-06-25 18:30 -------- d-----w- c:\programdata\NOS
2010-06-25 18:18 . 2010-06-25 18:30 -------- d-----w- c:\program files\NOS
2010-06-25 14:48 . 2010-06-25 14:48 -------- d-----w- c:\windows\LastGood.Tmp
2010-06-24 17:44 . 2010-06-24 17:44 -------- d-----w- c:\users\Yesm125\AppData\Roaming\NCH Software
2010-06-24 17:44 . 2010-06-24 17:48 -------- d-----w- c:\program files\NCH Software
2010-06-24 17:44 . 2010-06-25 17:19 -------- d-----w- c:\programdata\NCH Software
2010-06-24 13:23 . 2010-06-24 13:23 -------- d-----w- c:\users\Yesm125\AppData\Roaming\dvdcss
2010-06-23 19:43 . 2010-06-23 19:43 -------- d-----w- C:\_OTL
2010-06-23 14:05 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 14:05 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 12:20 . 2010-06-22 12:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 02:40 . 2010-06-22 02:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-06-22 00:25 . 2010-06-22 19:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-22 00:25 . 2010-06-22 02:40 -------- d-----w- c:\programdata\Hitman Pro
2010-06-22 00:24 . 2010-06-22 00:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-20 21:37 . 2010-06-20 21:37 -------- d-----w- c:\users\Yesm125\AppData\Roaming\gtk-2.0
2010-06-20 21:37 . 2010-06-20 21:37 -------- d-----w- c:\users\Yesm125\.thumbnails
2010-06-20 21:29 . 2010-06-20 21:56 -------- d-----w- c:\users\Yesm125\.gimp-2.6
2010-06-20 21:16 . 2010-06-20 21:16 -------- d-----w- c:\program files\GIMP-2.0
2010-06-20 20:52 . 2010-06-20 20:54 -------- d-----w- c:\program files\Paint.NET
2010-06-20 20:51 . 2010-06-20 20:59 -------- d-----w- c:\users\Yesm125\AppData\Local\Paint.NET
2010-06-19 00:03 . 2010-06-23 19:26 -------- d-----w- c:\program files\ewido anti-malware
2010-06-18 23:50 . 2010-06-18 23:50 -------- d-----w- c:\users\Yesm125\AppData\Roaming\AVG9
2010-06-18 19:03 . 2010-06-18 19:03 -------- d-----w- c:\users\Yesm125\AppData\Local\AVG Security Toolbar
2010-06-18 18:43 . 2010-06-22 12:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-18 18:43 . 2010-06-18 22:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-18 18:42 . 2010-06-25 12:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-18 18:42 . 2010-06-18 18:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-18 18:41 . 2010-06-22 12:19 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-18 18:41 . 2010-06-18 18:41 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-18 18:41 . 2010-06-22 12:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-18 18:39 . 2010-06-18 18:39 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-18 18:37 . 2010-06-18 18:37 -------- d-----w- c:\program files\AVG
2010-06-18 18:36 . 2010-06-18 18:37 -------- d-----w- c:\programdata\avg9
2010-06-18 16:44 . 2010-06-18 16:44 -------- d-----w- c:\users\Yesm125\AppData\Local\Yahoo!
2010-06-17 13:33 . 2010-06-17 13:33 -------- d-----w- c:\users\Yesm125\AppData\Roaming\Outerspace Software
2010-06-17 13:31 . 2010-06-17 13:31 -------- d-----w- C:\Outerspace Software
2010-06-15 21:05 . 2010-06-15 21:05 -------- d-----w- c:\program files\Simnet
2010-06-15 13:56 . 2010-06-15 14:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-15 13:56 . 2010-06-15 14:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-14 15:01 . 2010-06-25 13:41 -------- d-----w- c:\programdata\Alwil Software
2010-06-14 15:01 . 2010-06-14 15:01 -------- d-----w- c:\program files\Alwil Software
2010-06-13 14:55 . 2010-06-18 22:30 -------- d-----w- c:\users\Yesm125\Tracing
2010-06-13 14:51 . 2010-04-28 11:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-06-13 14:50 . 2010-06-13 14:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-13 14:48 . 2010-06-13 14:48 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-13 14:46 . 2010-06-14 12:18 -------- d-----w- c:\program files\Microsoft
2010-06-13 14:46 . 2010-06-13 14:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-13 14:45 . 2010-06-13 14:50 -------- d-----w- c:\program files\Windows Live
2010-06-13 14:29 . 2010-06-13 14:29 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-13 14:05 . 2008-07-08 12:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2010-06-13 14:00 . 2009-10-16 22:03 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
2010-06-13 13:59 . 2010-06-13 14:04 -------- d-----w- c:\users\Yesm125\{d3623ad7-c9f1-419b-bb72-b434aa8d73c5}
2010-06-12 17:08 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-12 17:08 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-12 17:08 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-12 17:08 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-12 17:08 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-11 06:27 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 06:27 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 06:27 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-06 20:17 . 2010-06-06 20:17 -------- d-----w- c:\users\Yesm125\{239ce63c-7c7d-46c4-8aa6-a2e40009a3ea}
2010-06-06 19:11 . 2010-06-06 19:32 -------- d-----w- c:\users\Yesm125\AppData\Roaming\Faces
2010-06-05 15:00 . 2010-06-05 15:00 -------- d-----w- c:\users\Yesm125\AppData\Roaming\CyberLink
2010-06-05 15:00 . 2010-06-05 15:00 -------- d-----w- c:\users\Public\CyberLink
2010-06-05 15:00 . 2010-06-05 15:00 -------- d-----w- c:\programdata\CyberLink
2010-06-03 16:40 . 2010-06-03 16:40 -------- d-----w- c:\program files\Brain Bullet!
2010-06-03 16:09 . 2010-06-03 17:08 -------- d-----w- c:\program files\FotoWorksXL
2010-06-03 16:09 . 2010-06-03 16:09 -------- d-----w- c:\users\Yesm125\AppData\Roaming\IN-MEDIAKG
2010-06-03 16:08 . 2010-06-03 16:08 -------- d-----w- c:\program files\mresreg
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 21:12 . 2010-06-02 21:13 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-06-02 03:18 . 2010-06-02 03:18 -------- d-----w- C:\!KillBox
2010-06-01 17:18 . 2010-06-01 17:18 -------- d-----w- c:\program files\Home Photo Studio
2010-06-01 16:55 . 2010-06-01 16:55 -------- d-----w- c:\program files\QuickTime
2010-06-01 16:33 . 2010-06-01 16:33 -------- d-----w- c:\program files\Windows Media Components
2010-06-01 16:30 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-05-30 17:26 . 2010-05-30 17:33 -------- d-----r- c:\program files\TypingMaster
2010-05-28 13:18 . 2010-05-28 13:18 -------- d-----w- c:\users\Yesm125\AppData\Roaming\GlarySoft
2010-05-28 12:50 . 2010-05-28 12:50 -------- d-----w- c:\program files\Glary Utilities
2010-05-27 13:34 . 2010-06-14 02:41 -------- d-----w- c:\program files\HyperSnap 6
2010-05-27 13:31 . 2010-05-27 13:31 -------- d-----w- c:\program files\Common Files\Jam DVD Copy
2010-05-27 13:31 . 2010-06-11 07:51 -------- d-----w- c:\program files\Jam DVD Copy
2010-05-27 13:11 . 2010-05-27 13:11 -------- d-----w- c:\program files\HyCam2
2010-05-27 12:28 . 2010-05-27 12:54 -------- d-----w- c:\users\Yesm125\SecurityScans
2010-05-27 12:26 . 2010-05-27 12:26 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 18:00 . 2007-02-12 02:22 42621 ----a-w- c:\users\Yesm125\AppData\Roaming\nvModes.dat
2010-06-25 17:55 . 2010-05-04 16:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-25 16:08 . 2010-03-07 00:55 -------- d-----w- c:\users\Yesm125\AppData\Roaming\vlc
2010-06-25 14:43 . 2009-03-02 01:43 -------- d-----w- c:\programdata\Lx_cats
2010-06-23 19:15 . 2010-06-23 19:14 64790091 ----a-w- c:\programdata\SPL3B65.tmp
2010-06-23 14:18 . 2007-01-11 22:32 -------- d-----w- c:\program files\Google
2010-06-22 12:18 . 2010-06-22 12:18 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-19 12:11 . 2010-05-19 18:54 63488 ----a-w- c:\users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 12:11 . 2010-05-19 18:53 117760 ----a-w- c:\users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-18 17:23 . 2009-03-04 03:19 -------- d-----w- c:\users\Yesm125\AppData\Roaming\FaxCtr
2010-06-15 02:53 . 2010-06-15 02:53 691 ----a-w- c:\users\Yesm125\AppData\Roaming\GetValue.vbs
2010-06-15 02:53 . 2010-06-15 02:53 35 ----a-w- c:\users\Yesm125\AppData\Roaming\SetValue.bat
2010-06-15 02:53 . 2010-06-15 02:53 35 ----a-w- c:\users\Yesm125\AppData\Roaming\SetValue.bat
2010-06-14 12:15 . 2010-05-19 18:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-13 21:07 . 2010-03-06 01:46 -------- d-----w- c:\program files\Image-Line
2010-06-12 17:13 . 2007-01-11 22:29 -------- d-----w- c:\program files\Microsoft.NET
2010-06-11 07:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 07:26 . 2007-01-11 22:28 -------- d-----w- c:\programdata\Microsoft Help
2010-06-04 14:26 . 2010-03-08 03:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 21:33 . 2007-02-12 00:04 73552 ----a-w- c:\users\Yesm125\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-01 21:30 . 2007-01-11 22:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-06-01 17:11 . 2010-06-01 17:11 501872 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb7929.tmp.exe
2010-05-25 07:25 . 2010-05-25 07:25 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-25 07:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-25 07:25 . 2010-05-25 07:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-25 07:25 . 2010-05-25 07:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-24 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-24 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-24 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-24 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-24 14:04 . 2007-09-26 03:29 -------- d-----w- c:\program files\PowerArchiver
2010-05-24 13:54 . 2008-03-04 03:06 -------- d-----w- c:\programdata\eBay
2010-05-24 13:52 . 2007-01-11 22:42 -------- d-----w- c:\programdata\Napster
2010-05-24 13:48 . 2009-09-11 22:10 -------- d-----w- c:\programdata\Norton
2010-05-24 13:48 . 2008-03-30 13:27 -------- d-----w- c:\program files\Norton Security Scan
2010-05-21 18:57 . 2009-10-28 22:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-21 18:14 . 2010-05-14 02:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 18:54 . 2010-05-19 18:54 52224 ----a-w- c:\users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-19 18:53 . 2010-05-19 18:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-19 18:44 . 2010-05-19 18:44 -------- d-----w- c:\users\Yesm125\AppData\Roaming\SUPERAntiSpyware.com
2010-05-19 18:42 . 2010-05-19 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-18 21:38 . 2010-05-18 21:38 -------- d-----w- c:\users\Yesm125\AppData\Roaming\Malwarebytes
2010-05-18 21:38 . 2010-05-18 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 21:38 . 2010-05-18 21:38 -------- d-----w- c:\programdata\Malwarebytes
2010-05-13 12:54 . 2010-04-22 20:59 -------- d-----w- c:\users\Yesm125\AppData\Roaming\IObit
2010-05-10 17:11 . 2010-05-10 17:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-05-04 05:59 . 2010-06-11 06:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 06:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 06:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 06:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 06:25 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-18 21:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-18 21:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 15:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 12:08 . 2010-04-23 12:08 690952 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-20 12:58 . 2007-10-28 23:02 680 ----a-w- c:\users\Yesm125\AppData\Local\d3d9caps.dat
2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 16:43 . 2010-06-23 14:05 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 14:05 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 14:05 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 14:05 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-01 00:36 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-01 00:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-03-29 12:53 . 2010-06-25 18:10 32576 ------w- c:\users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-28 17:47 . 2010-03-28 17:47 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-03-28 17:47 . 2010-03-28 17:47 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-03-28 17:25 . 2010-03-28 17:25 16 ---h--w- c:\programdata\SafeNet Sentinel\Sentinel RMS Development Kit\System\oavhhba.dll
2010-03-28 16:57 . 2010-03-28 16:57 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-03-27 23:48 . 2010-03-27 23:50 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-29 815104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"Reflect"="c:\program files\NCH Software\Reflect\reflect.exe" [2010-06-24 815108]
"ExpressInvoice"="c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe" [2010-06-24 3158020]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-04 00:26 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonneDVDBurner]
2010-01-19 15:42 5191168 ----a-w- c:\program files\Sonne DVD Burner\sdb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonneDVDCreator]
2010-03-10 17:46 16505344 ----a-w- c:\program files\Jam DVD Copy\DVDCreator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):9b,2f,e8,1e,54,fb,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-6110438-3837286715-127704199-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-6110438-3837286715-127704199-500]
"EnableNotificationsRef"=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [2010-06-24 3158020]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-06-22 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-18 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-06-18 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-01 67656]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-22 921440]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-22 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2009-10-16 94208]
S2 ReflectService;Reflect Customer Database;c:\program files\NCH Software\Reflect\reflect.exe [2010-06-24 815108]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-22 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-22 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-22 27216]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-05-28 14:01]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:55]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Sonne DVD Burner\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Sonne DVD Burner\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Yesm125\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Yesm125\AppData\Roaming\Mozilla\Firefox\Profiles\o9h50m55.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-Uninstall Adobe Download Manager - c:\users\Yesm125\AppData\Local\Temp\nos_uninstall_Adobe.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 14:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-06-25 15:13:18
ComboFix-quarantined-files.txt 2010-06-25 19:13

Pre-Run: 32,083,685,376 bytes free
Post-Run: 32,017,702,912 bytes free

- - End Of File - - FD0B6629F563D4C7343C4707B36920AC

#12
Aaron
  • Expert
  • 3,155 posts
Hi, have you ever installed SafeNet Sentinel before?

Please follow these steps:

Step 1

Run OTL again
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    c:\programdata\SPL3B65.tmp
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done, save and post the log it produces in your next reply.

Let's do a scan with Malwarebytes' Anti-Malware and Kaspersky. :)

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
Please post the logs of OTL, Malwarebytes' Anti-Malware and Kaspersky in your next reply.

- Maser00

#13
Francwaa
  • Topic Starter
  • Member
  • 13 posts
Sorry about the delay, but I was out of town for the weekend and have only begun following your most recent instructions yesterday morning.

Still trying to complete the Kaspersky scan; it is already 30% completed with about 5 threats detected. Someone accidentally closed it yesterday during the scan. I lost a day and have no idea what threats were detected during that scan. Below are the Malwarebytes & OTL logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\programdata\SPL3B65.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Yesm125
->Temp folder emptied: 928424 bytes
->Temporary Internet Files folder emptied: 8990154 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85791840 bytes
->Flash cache emptied: 4648 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 9728 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 189832576 bytes

Total Files Cleaned = 272.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Yesm125
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb




OTL by OldTimer - Version 3.2.6.1 log created on 06282010_173634

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

6/28/2010 6:56:48 PM
mbam-log-2010-06-28 (18-56-48).txt

Scan type: Quick scan
Objects scanned: 129406
Time elapsed: 14 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected}

#14
Aaron
  • Expert
  • 3,155 posts
No problem, please start the Kaspersky scan again. :)

#15
Francwaa
  • Topic Starter
  • Member
  • 13 posts
By the way, to my knowledge I have never downloaded SafeNet Sentinel. Should I?