Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Not sure what Im missing

Started by BrIcEcYcLe , Jul 27 2010 11:01 AM

  • Please log in to reply

#1
BrIcEcYcLe
Posted 27 July 2010 - 11:01 AM

BrIcEcYcLe

    New Member

  • Member
  • Pip
  • 7 posts
Here is the MBAM,GMER,and OTL,(OTL only gave me one log) Thanks for the help.

-Bricecycle

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4314

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/26/2010 10:44:51 PM
mbam-log-2010-07-26 (22-44-51).txt

Scan type: Quick scan
Objects scanned: 130046
Time elapsed: 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:



GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-27 09:32:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BRICEC~1\LOCALS~1\Temp\fwdoapod.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[1444] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1948] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fastfat \Fat A8E77D20
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ shell32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\shellex\ExtShellFolderViews
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\shellex\ExtShellFolderViews\{5984FFE0-28D4-11CF-AE66-08002B2E1262}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\shellex\ExtShellFolderViews\{5984FFE0-28D4-11CF-AE66-08002B2E1262}@PersistMoniker file://%userappdata%\Microsoft\Internet Explorer\Desktop.htt
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\upnp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ UPnP.DescriptionDocument.1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {DB3442A7-A2E9-4A59-9CB5-F5C1A5D901E5}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ UPnP.DescriptionDocument
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 63080
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{295EDE6B-3023-4F1F-A967-9BEDB3DFD879}@DhcpRetryStatus 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{295EDE6B-3023-4F1F-A967-9BEDB3DFD879}@DhcpRetryTime 328

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA50D670]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA50D720]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA50D7C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA50D860]

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 7/27/2010 9:36:03 AM - Run 3
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Bricecycle\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 223.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.55 Gb Total Space | 7.71 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D8R4GH81
Current User Name: Bricecycle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Documents and Settings\Bricecycle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\Mobility Client\artstartsvc.exe ()
PRC - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bricecycle\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- File not found
SRV - (ACDaemon) -- File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (artstartsvc) -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe ()
SRV - (ArtourService) -- C:\Program Files\IBM\Mobility Client\artsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe (Dell Inc.)
SRV - (wltrysvc) -- C:\WINDOWS\System32\wltrysvc.exe ()
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/01/22 14:59:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/01 09:12:45 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2010/01/27 01:08:00 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: beatport.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bricecycle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bricecycle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 10:52:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454841580224512)

========== Files/Folders - Created Within 14 Days ==========

[2010/07/25 11:25:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Bricecycle\Recent
[2010/07/24 21:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bricecycle\Application Data\DivX
[2010/07/24 21:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/24 21:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bricecycle\My Documents\DivX
[2010/07/16 12:56:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bricecycle\Desktop\STENCIL ART
[2010/07/14 15:31:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bricecycle\Application Data\NCH Swift Sound
[2010/01/23 00:41:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/23 00:41:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/23 00:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/18 01:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/17 01:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2010/01/13 13:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/08/26 17:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/26 17:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/02/24 05:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/02/24 05:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2005/09/24 13:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek

========== Files - Modified Within 14 Days ==========

[2010/07/27 08:02:46 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\prvlcl.dat
[2010/07/27 06:20:06 | 62,629,516 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/26 22:16:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 22:16:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 22:16:13 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 22:15:02 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\Bricecycle\NTUSER.DAT
[2010/07/26 22:15:02 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Bricecycle\ntuser.ini
[2010/07/25 11:18:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 23:48:48 | 00,604,901 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/07/14 17:00:10 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Bricecycle\Desktop\CCleaner.lnk
[2010/07/14 16:58:04 | 00,013,222 | ---- | M] () -- C:\Documents and Settings\Bricecycle\My Documents\cc_20100714_165746.reg
[2010/07/14 15:59:49 | 00,523,820 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/14 15:59:49 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/14 15:59:49 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/14 15:49:44 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/14 15:49:44 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/14 15:49:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/14 15:24:23 | 03,723,332 | -H-- | M] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\IconCache.db
[2010/07/14 12:17:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/13 10:43:39 | 00,045,735 | ---- | M] () -- C:\Documents and Settings\Bricecycle\My Documents\BIRTHDAY.JPG
[2010/07/13 10:36:25 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/07/14 16:57:50 | 00,013,222 | ---- | C] () -- C:\Documents and Settings\Bricecycle\My Documents\cc_20100714_165746.reg
[2010/07/14 16:53:44 | 00,045,735 | ---- | C] () -- C:\Documents and Settings\Bricecycle\My Documents\BIRTHDAY.JPG
[2010/03/10 19:25:34 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Bricecycle\Application Data\PFP120JPR.{PB
[2010/03/10 19:25:34 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Bricecycle\Application Data\PFP120JCM.{PB
[2010/01/21 18:33:06 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/18 01:33:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\prvlcl.dat
[2010/01/07 19:37:05 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\fusioncache.dat
[2009/12/15 00:18:56 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Bricecycle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 16:10:11 | 00,229,376 | ---- | C] () -- C:\WINDOWS\System32\KPDVS.dll
[2009/01/17 13:50:27 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 07:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/29 16:55:11 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\wcndis.sys
[2007/10/29 16:55:09 | 00,352,256 | ---- | C] () -- C:\WINDOWS\System32\artutils.dll
[2007/10/29 16:55:09 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\wecmgina.dll
[2007/10/29 16:55:09 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\artapij.dll
[2007/10/29 16:55:08 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\artapi.dll
[2007/05/12 14:16:23 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/28 04:08:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/04/27 04:12:11 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/04/26 18:46:38 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/03/03 05:55:56 | 00,001,942 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/03 05:55:56 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0E90015059.sys
[2007/01/02 20:01:08 | 01,024,000 | ---- | C] () -- C:\WINDOWS\System32\ewmpegco.dll
[2007/01/02 08:11:41 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/01/02 08:11:41 | 00,000,001 | ---- | C] () -- C:\WINDOWS\yedlata.dll
[2007/01/02 07:42:18 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/30 13:41:01 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2006/12/19 18:41:39 | 00,002,408 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/11/01 01:57:24 | 01,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/26 02:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/09/16 11:08:21 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/16 11:00:33 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/16 10:51:08 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/09/16 10:50:18 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/09/16 10:31:18 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/09/16 10:30:46 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/09/16 10:30:42 | 00,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 06:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2009/03/14 14:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
[2010/01/23 00:44:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/10/29 16:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2008/11/19 15:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/30 17:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2008/12/05 16:56:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/09/16 10:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 12:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bricecycle\Application Data\AVG9
[2010/03/16 15:44:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bricecycle\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2010/01/22 14:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bricecycle\Application Data\MSNInstaller
[2010/07/14 15:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bricecycle\Application Data\NCH Swift Sound
[2010/06/23 13:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bricecycle\Application Data\Skinux

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/06/16 04:43:42 | 02,867,200 | ---- | M] () -- C:\ar.exe
[2004/08/10 11:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/03 20:20:35 | 01,539,197 | ---- | M] () -- C:\blm3.jpg
[2010/01/23 13:27:51 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/14 15:49:44 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 00,260,272 | ---- | M] () -- C:\cmldr
[2004/08/10 11:04:08 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/09/16 10:34:52 | 00,004,914 | RH-- | M] () -- C:\dell.sdr
[2007/08/12 23:29:44 | 00,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2010/07/26 22:16:13 | 52,789,2480 | -HS- | M] () -- C:\hiberfil.sys
[2005/10/02 16:12:24 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/10/29 16:54:26 | 00,000,688 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/10 11:04:08 | 00,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/06/13 19:28:09 | 00,001,922 | -H-- | M] () -- C:\IPH.PH
[2010/05/21 02:57:41 | 00,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 11:04:08 | 00,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/21 16:39:32 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/08/05 14:34:59 | 00,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/08/05 14:34:59 | 00,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/07/26 22:16:11 | 79,272,3456 | -HS- | M] () -- C:\pagefile.sys
[2009/04/20 17:49:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/08 17:47:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/08 20:37:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/09 19:04:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/10 20:08:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/11 08:15:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/12 16:05:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/04/13 20:13:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/04/15 18:00:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/04/16 16:18:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/16 17:19:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/17 06:46:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/17 15:38:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/18 07:47:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/18 16:01:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/18 19:35:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/19 07:13:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/19 09:11:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/19 10:10:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/20 17:05:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/20 17:49:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/08 17:47:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/08 20:37:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/09 19:04:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/10 20:08:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/04/11 08:15:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/04/12 16:05:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/13 20:13:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/04/15 18:00:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/04/16 16:18:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/16 17:19:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/17 06:46:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/17 15:38:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/18 07:47:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/18 16:01:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/18 19:35:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/19 07:13:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/19 09:11:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/19 10:10:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/20 17:05:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/09/16 10:58:34 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2007/10/28 05:44:39 | 00,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 13:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 12:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 13:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 12:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 11:03:42 | 00,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 00,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 03:50:03 | 00,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2003/12/07 19:11:04 | 01,862,571 | ---- | M] (Axialis Software) -- C:\WINDOWS\A Merry Little Christmas.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 02:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 02:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 10:56:48 | 00,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 10:56:46 | 00,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 10:56:46 | 00,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 00,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 19:17:41

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP