Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I need reassurance

Started by csutak40 , Aug 10 2010 10:31 PM

  • Please log in to reply

#1
csutak40
Posted 10 August 2010 - 10:31 PM

csutak40

    New Member

  • Member
  • Pip
  • 1 posts
Before a friend directed me to this Forum, I ran Trend Micro's Housecall. It found 36,531 !!!! Rootkits. Needless to say, I panicked. I asked a friend to run it on his machine, which came up clean - that made me even more worried. All of the files have one thing in common:

Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\

I never noticed this in my system before, but all the files it found have this looong tree of Application Data.
However, I gone through all the checks you've suggested, and they all seem fine


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4413

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

11/08/10 3:54:37
mbam-log-2010-08-11 (03-54-37).txt

Scan type: Quick scan
Objects scanned: 143232
Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
______________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 13:15:40
Windows 6.0.6002 Service Pack 2
Running: opp1dn5r.exe; Driver: C:\Users\Judy\AppData\Local\Temp\pwldipow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x908CF620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 826E9D84 4 Bytes [20, F6, 8C, 90]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8AF5C000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8AFA5000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[916] ntdll.dll!DbgBreakPoint 77838B2E 1 Byte [90]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[3184] kernel32.dll!SetUnhandledExceptionFilter 75ECA84F 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\PeerBlock\peerblock.exe[5800] kernel32.dll!SetUnhandledExceptionFilter 75ECA84F 5 Bytes JMP 0043F0C0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\Aldi\Printers\{D2ECD380-D3C9-4805-86AC-8231EFFD02FB}\Client Side Rendering@LastTouched 0x79 0xB3 0xD4 0x79 ...

---- Files - GMER 1.0.15 ----

ADS C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe:BAK 22528 bytes executable

---- EOF - GMER 1.0.15 ----
____________________________
OTL logfile created on: 11/08/10 13:18:13 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Judy\Downloads\GeekstogoFiles\OTL
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.18 Gb Total Space | 66.94 Gb Free Space | 47.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/11 02:27:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Downloads\GeekstogoFiles\OTL\OTL.exe
PRC - [2010/08/05 05:21:06 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Judy\Downloads\uTorrent\utorrent.exe
PRC - [2010/07/22 12:50:20 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/04 15:12:07 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/06/23 12:22:56 | 000,339,008 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2010/06/23 12:22:54 | 003,308,096 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2009/12/31 10:08:08 | 000,495,616 | ---- | M] (BirdCage Software) -- C:\Program Files\Weather\weather.exe
PRC - [2009/11/08 22:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/09/28 01:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/09/11 06:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/07/17 15:53:10 | 002,888,403 | ---- | M] () -- C:\Program Files\Weatherzone Tracker\weather_tracker.exe
PRC - [2009/06/14 15:15:43 | 004,025,744 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/22 10:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2008/11/10 11:51:46 | 000,031,744 | ---- | M] (NirSoft) -- C:\Program Files\Volumouse\volumouse.exe
PRC - [2008/03/19 10:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2008/01/30 10:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/29 20:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/01/21 12:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/10 08:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/01/04 07:45:00 | 004,415,488 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/12/26 07:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/12/26 07:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007/12/10 23:56:00 | 000,709,632 | ---- | M] (Softshape Development) -- C:\Program Files\Chameleon Clock\ChamClock.exe
PRC - [2007/10/25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/17 07:42:02 | 002,425,856 | ---- | M] (Centered Systems) -- C:\Program Files\SecCopy\SecCopy.exe
PRC - [2007/06/27 15:36:34 | 000,058,880 | ---- | M] () -- C:\Program Files\Chameleon Clock\settime.exe
PRC - [2007/05/29 23:07:58 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdecoms.exe
PRC - [2007/01/02 07:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/02/11 17:58:10 | 000,180,224 | ---- | M] () -- C:\Program Files\CLCL\CLCL.exe
PRC - [2004/11/21 23:00:00 | 000,028,672 | ---- | M] (CANON INC.) -- C:\Windows\System32\CAP4RSK.EXE
PRC - [2003/09/11 08:20:56 | 000,700,416 | ---- | M] (ARM Software) -- C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe
PRC - [2003/07/14 23:00:00 | 000,101,376 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAP4SWK.EXE
PRC - [2003/07/14 23:00:00 | 000,030,720 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CAP4LAK.EXE
PRC - [2001/03/27 15:00:00 | 000,276,480 | ---- | M] () -- C:\Program Files\Pick-a-tag\Pickatag.exe


========== Modules (SafeList) ==========

MOD - [2010/08/11 02:27:43 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Judy\Downloads\GeekstogoFiles\OTL\OTL.exe
MOD - [2009/06/04 13:32:10 | 000,208,896 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\captlib.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/11/10 11:51:20 | 000,007,168 | ---- | M] (NirSoft) -- C:\Program Files\Volumouse\vlmshlp.dll
MOD - [2008/01/21 12:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 16:02:50 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [On_Demand | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/06/23 12:22:56 | 000,339,008 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/11 06:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 06:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 10:38:38 | 000,583,168 | ---- | M] (Luis Cobian) [On_Demand | Stopped] -- C:\Program Files\Cobian Backup 9\cbService.exe -- (CobianBackupAmanita)
SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2008/11/04 02:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/01/21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 12:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/26 07:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 11:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/06/27 15:36:34 | 000,058,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Chameleon Clock\settime.exe -- (ChamClock Set Time Service for Vista)
SRV - [2007/05/29 23:07:58 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdecoms.exe -- (lxde_device)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/04/15 04:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/06/23 12:05:30 | 000,179,656 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\system32\DRIVERS\PCGenFAM.sys -- (PCGenFAM)
DRV - [2010/05/26 14:08:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 12:17:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/20 12:17:19 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/28 01:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/11 06:26:28 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/09/11 06:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 06:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/06/17 22:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/01/20 05:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/13 08:56:06 | 000,346,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/12/07 11:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/11/04 02:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/10/15 07:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/10/15 07:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/10/15 07:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/08/14 09:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/23 08:44:54 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/30 13:34:20 | 002,058,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 12:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 12:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 12:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 12:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 12:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 12:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 12:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 12:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 12:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 12:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 12:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 12:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 12:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 12:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 12:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 12:23:47 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 12:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 12:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 12:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 12:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 12:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 12:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 12:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 12:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 12:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 12:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/11/09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/30 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/13 16:23:50 | 001,925,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/21 08:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/19 05:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.melbpc.org.au/isp/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..babylon.toolbar.keyword.enabled: "true"
FF - prefs.js..browser.search.selectedEngine: "Epguides.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {f6279051-725b-49a1-bd61-759e71f69350}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.284
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:14.3
FF - prefs.js..extensions.enabledItems: {0fc85f5d-6207-4515-a490-45a549d285c0}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.87683
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/01/05 23:56:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 04:11:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 04:11:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/23 12:49:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/09 17:13:19 | 000,000,000 | ---D | M]

[2010/03/30 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Extensions
[2010/03/30 19:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/11 00:24:55 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions
[2010/02/18 22:02:40 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2010/08/04 01:15:24 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/31 15:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/28 13:34:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/06 22:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{27915FC8-E347-45a9-8502-4ADA5EF2E0E8}-trash
[2009/10/16 12:41:43 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/26 23:17:41 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/01/06 18:53:05 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/05/14 01:12:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/27 01:35:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/09 01:58:42 | 000,000,000 | ---D | M] (Net Usage Item) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}
[2010/06/25 08:55:43 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/07/20 13:05:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/19 23:06:28 | 000,000,000 | ---D | M] (CoffeeSnobs Toolbar) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\{f6279051-725b-49a1-bd61-759e71f69350}
[2009/01/05 15:19:05 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2009/01/05 15:19:06 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2010/06/04 14:35:37 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2009/10/03 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2010/04/02 02:01:20 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2010/04/09 14:13:29 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2010/02/03 15:42:30 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\extensions\[email protected]
[2009/01/05 14:52:24 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions
[2008/12/17 13:14:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/19 20:28:29 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/12/17 13:18:00 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/01/05 01:05:23 | 000,000,000 | ---D | M] (jsLib) -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\{DF8E5247-8E0A-4de6-B393-0735A39DFD80}
[2009/01/04 06:32:57 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\[email protected]
[2009/01/04 06:52:47 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.org\extensions\[email protected]
[2010/08/08 04:48:25 | 000,001,489 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\amazoncom---books.xml
[2008/05/12 04:44:41 | 000,000,984 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\dealsdirect-product-search.xml
[2008/06/05 08:10:11 | 000,001,349 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\ebay-australia.xml
[2009/03/12 14:38:58 | 000,001,789 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\epguidescom.xml
[2010/08/08 04:48:25 | 000,001,167 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\episodeworld-search.xml
[2010/03/31 14:57:13 | 000,005,500 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\food-network-recipes.xml
[2007/01/05 00:21:09 | 000,001,340 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\hollywoodcom.xml
[2010/08/08 04:48:25 | 000,005,769 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\imdb-eps.xml
[2008/06/22 14:17:10 | 000,000,908 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\imdb.xml
[2010/08/08 04:48:26 | 000,001,234 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\mobidictionary.xml
[2010/01/05 12:51:53 | 000,002,108 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\qtl.xml
[2008/04/13 16:06:19 | 000,002,386 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\siteadvisor.xml
[2010/08/08 04:48:26 | 000,004,939 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\staticice.xml
[2008/08/10 13:59:35 | 000,001,541 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\sztaki-eng-dict.xml
[2008/06/19 19:28:52 | 000,001,108 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\wikipedia-en.xml
[2010/08/11 00:25:01 | 000,000,808 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\slvk89zb.default\searchplugins\yahoo7.xml
[2010/08/11 00:24:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 13:00:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/10 09:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/08/08 16:33:23 | 000,415,145 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 14356 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UltraVNC SC] C:\Users\Judy\AppData\Local\Temp\vnc\winvnc-sc.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HomeAlarm] C:\Program Files\Chameleon Clock\ChamClock.exe (Softshape Development)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [uTorrent] C:\Users\Judy\Downloads\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2009/01/01 03:38:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Identities Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: Passcards Editor - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Reflection - GalleryPlayer.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Reflection - GalleryPlayer.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/11 01:20:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/11 01:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/11 00:05:11 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\vlc
[2010/08/08 23:34:15 | 000,000,000 | ---D | C] -- C:\Burn
[2010/08/05 05:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD & DVD Cover Creator
[2010/08/05 00:43:49 | 000,000,000 | ---D | C] -- C:\Users\Judy\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
[2010/07/27 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/03 02:54:46 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\assembly
[2010/07/03 02:53:16 | 000,000,000 | ---D | C] -- C:\Users\Judy\Documents\Snagit Stamps
[2010/07/02 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Local\Safe mirror
[2010/07/02 23:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/06/27 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Soluto
[2010/06/27 22:34:45 | 000,179,656 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\PCGenFAM.sys
[2010/06/27 22:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/06/27 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/06/26 03:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/25 06:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/06/25 06:28:46 | 000,000,000 | ---D | C] -- C:\Users\Judy\AppData\Roaming\Audacity
[2010/06/25 06:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/06/25 06:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/06/19 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/06 14:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\NetLibrary
[2010/05/25 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2007/05/18 15:08:58 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdepmui.dll
[2007/05/18 15:06:40 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdeserv.dll
[2007/05/18 15:00:32 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdelmpm.dll
[2007/05/18 15:00:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdecomm.dll
[2007/05/18 15:00:32 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdeinpa.dll
[2007/05/18 14:59:34 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdehbn3.dll
[2007/05/18 14:57:52 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdeusb1.dll
[2007/05/18 14:56:56 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdecomc.dll
[2007/05/18 14:52:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdeiesc.dll
[2007/05/18 14:51:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdeprox.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/11 13:22:54 | 008,912,896 | -HS- | M] () -- C:\Users\Judy\ntuser.dat
[2010/08/11 13:20:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{474C3C33-186D-4597-B88E-2FDB8544E207}.job
[2010/08/11 13:12:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2010/08/11 13:11:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 13:11:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 12:57:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/11 12:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/11 03:32:35 | 000,000,737 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\IceTV.widget.lnk
[2010/08/11 03:12:03 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MacroMaker.lnk
[2010/08/11 03:11:55 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2010/08/11 03:11:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/11 03:11:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/11 03:11:32 | 3210,702,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/11 01:19:50 | 000,000,952 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/11 01:19:24 | 000,000,796 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2010/08/11 01:19:24 | 000,000,777 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2010/08/11 00:04:43 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/09 15:39:31 | 000,524,288 | -HS- | M] () -- C:\Users\Judy\ntuser.dat{affdeb8a-aa4b-11de-8ac8-001e3358b51a}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 15:39:31 | 000,065,536 | -HS- | M] () -- C:\Users\Judy\ntuser.dat{affdeb8a-aa4b-11de-8ac8-001e3358b51a}.TM.blf
[2010/08/09 14:40:07 | 000,000,680 | ---- | M] () -- C:\Users\Judy\AppData\Local\d3d9caps.dat
[2010/08/09 03:35:27 | 000,000,881 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/09 03:33:49 | 000,082,944 | ---- | M] () -- C:\Users\Judy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/09 02:28:31 | 000,000,865 | ---- | M] () -- C:\Users\Judy\AppData\Roaming\burnaware.ini
[2010/08/09 00:36:38 | 000,000,850 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\BurnAware Free.lnk
[2010/08/08 20:39:28 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/08/08 16:33:23 | 000,415,145 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100808-203918.backup
[2010/08/08 16:33:23 | 000,415,145 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/08 16:31:25 | 000,414,843 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100808-163323.backup
[2010/08/07 20:00:31 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/08/05 13:49:02 | 000,002,255 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/05 13:19:48 | 000,116,344 | ---- | M] () -- C:\Users\Judy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/05 13:18:05 | 000,416,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/05 05:37:57 | 000,001,041 | ---- | M] () -- C:\Users\Judy\Desktop\Easy CD & DVD Cover Creator.lnk
[2010/08/04 15:09:44 | 000,000,024 | ---- | M] () -- C:\Windows\System32\Error.dump
[2010/08/01 20:32:09 | 000,414,843 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100808-163124.backup
[2010/08/01 14:05:55 | 000,001,854 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/31 17:41:36 | 000,414,843 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100801-203208.backup
[2010/07/31 17:39:35 | 000,413,958 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100731-174136.backup
[2010/07/31 00:12:27 | 000,002,484 | ---- | M] () -- C:\Users\Judy\Documents\cc_20100731_001146.reg
[2010/07/30 23:53:08 | 000,000,843 | ---- | M] () -- C:\Users\Judy\Desktop\CCleaner.lnk
[2010/07/28 13:57:04 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/07/25 18:01:18 | 000,413,958 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100731-173935.backup
[2010/07/25 10:51:11 | 000,413,958 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100725-180117.backup
[2010/07/20 00:31:41 | 000,001,160 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/18 22:04:34 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/18 22:04:34 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/18 22:04:33 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/18 09:11:28 | 000,411,358 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100725-105110.backup
[2010/07/11 20:32:26 | 000,411,156 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100718-091127.backup
[2010/07/10 18:21:59 | 000,411,156 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100711-203225.backup
[2010/07/09 01:40:33 | 000,037,972 | ---- | M] () -- C:\Users\Judy\Documents\cc_20100709_014004.reg
[2010/07/04 17:52:48 | 000,410,662 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100710-182158.backup
[2010/07/03 18:52:28 | 000,410,662 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100704-175248.backup
[2010/07/03 18:49:09 | 000,407,819 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100703-185228.backup
[2010/07/03 02:53:31 | 000,002,002 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2010/06/28 14:36:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/27 22:35:03 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/27 18:01:39 | 000,407,819 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100703-184909.backup
[2010/06/27 02:42:02 | 000,407,819 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100627-180139.backup
[2010/06/25 06:28:39 | 000,000,890 | ---- | M] () -- C:\Users\Judy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/06/23 12:05:30 | 000,179,656 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\PCGenFAM.sys
[2010/06/22 12:30:04 | 000,001,787 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/20 20:21:03 | 000,407,693 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100627-024202.backup
[2010/06/19 01:03:28 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2010/06/13 20:20:12 | 000,403,631 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100620-202103.backup
[2010/06/13 14:54:59 | 000,403,631 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100613-202012.backup
[2010/06/13 14:52:01 | 000,396,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100613-145458.backup
[2010/06/11 03:29:13 | 000,002,401 | ---- | M] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/06/06 14:04:11 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\NetLibrary Download Manager.lnk
[2010/05/30 16:33:20 | 000,396,198 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100530-203200.backup
[2010/05/30 16:33:20 | 000,396,198 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100613-145200.backup
[2010/05/23 18:56:01 | 000,394,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100530-162148.backup
[2010/05/23 18:56:01 | 000,394,558 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100530-163320.backup
[2010/05/23 04:37:53 | 000,394,558 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100523-185600.backup
[2010/05/23 04:34:29 | 000,394,460 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100523-043753.backup
[2010/05/19 22:12:37 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/16 20:33:14 | 000,394,460 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100523-043429.backup
[2010/05/15 23:24:44 | 000,394,460 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100516-203313.backup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/11 03:32:35 | 000,000,737 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\IceTV.widget.lnk
[2010/08/11 01:19:50 | 000,000,952 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/11 01:19:24 | 000,000,796 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2010/08/11 01:19:24 | 000,000,777 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2010/08/11 00:04:43 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/09 15:40:13 | 3210,702,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/05 05:37:57 | 000,001,041 | ---- | C] () -- C:\Users\Judy\Desktop\Easy CD & DVD Cover Creator.lnk
[2010/07/31 00:11:58 | 000,002,484 | ---- | C] () -- C:\Users\Judy\Documents\cc_20100731_001146.reg
[2010/07/09 01:40:13 | 000,037,972 | ---- | C] () -- C:\Users\Judy\Documents\cc_20100709_014004.reg
[2010/07/03 02:53:31 | 000,002,002 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2010/06/27 22:35:03 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/25 06:28:39 | 000,000,890 | ---- | C] () -- C:\Users\Judy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/06/22 12:30:04 | 000,001,787 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/06 14:04:11 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\NetLibrary Download Manager.lnk
[2010/05/25 00:25:15 | 000,000,865 | ---- | C] () -- C:\Users\Judy\AppData\Roaming\burnaware.ini
[2010/05/25 00:17:21 | 000,000,850 | ---- | C] () -- C:\Users\Judy\Application Data\Microsoft\Internet Explorer\Quick Launch\BurnAware Free.lnk
[2010/05/19 22:12:37 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/01/27 00:06:31 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/01/26 15:19:45 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/06/01 18:34:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/23 21:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/01/04 04:12:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/01/04 04:12:29 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/12/13 17:19:23 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/12/13 17:16:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/12/13 17:16:00 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/12/13 17:16:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/12/13 17:16:00 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/12/13 17:16:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/12/13 17:16:00 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/12/13 16:55:01 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/12/13 16:55:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/12/13 16:55:01 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/12/13 16:55:01 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/12/07 11:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/05/05 01:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/02/12 11:32:52 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/12 10:37:47 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/12 10:26:35 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/02/12 10:26:34 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/12 10:26:34 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/12 10:26:34 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/28 17:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 17:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 16:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 16:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 16:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 16:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007/05/28 23:02:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdegrd.dll
[2007/05/04 16:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdecoin.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/02 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdevs.dll

========== LOP Check ==========

[2009/01/05 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\aignes
[2010/06/27 23:29:03 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Audacity
[2009/09/08 01:46:11 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Babylon
[2010/01/27 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\EPSON
[2009/12/31 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\GARMIN
[2010/03/25 02:06:10 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\IObit
[2008/12/15 00:42:21 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\IrfanView
[2009/01/04 04:54:14 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Lexmark Productivity Studio
[2008/12/19 21:36:10 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\OpenOffice.org
[2009/02/01 04:32:52 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\PeerNetworking
[2010/06/27 23:13:47 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Soluto
[2009/12/11 02:35:55 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\TechSmith
[2010/03/30 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Thunderbird
[2010/07/24 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\toshiba
[2009/09/26 13:11:05 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\Uniblue
[2010/04/20 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\UseNeXT
[2010/08/11 13:23:12 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\uTorrent
[2010/03/03 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\Judy\AppData\Roaming\WordWeb
[2010/08/11 03:11:55 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
[2010/08/11 13:12:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2010/08/11 03:11:43 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/11 13:20:04 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{474C3C33-186D-4597-B88E-2FDB8544E207}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/17 09:53:30 | 000,131,362 | ---- | M] () -- C:\aaw7boot.log
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/12 10:11:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/08/11 03:11:32 | 3210,702,848 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/03/01 15:19:25 | 000,000,530 | ---- | M] () -- C:\InstallHelper.log
[2008/02/12 10:22:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/26 23:51:14 | 000,000,078 | ---- | M] () -- C:\lxde.log
[2008/02/12 10:22:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/11 03:11:31 | 3524,497,408 | -HS- | M] () -- C:\pagefile.sys
[2008/12/18 20:20:27 | 000,000,040 | ---- | M] () -- C:\smconfig.cwc
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 22:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 22:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 22:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/01 18:53:58 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 22:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/05/26 03:42:10 | 000,113,664 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxdedrpp.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/12/29 15:19:34 | 000,086,016 | ---- | M] (birdcagesoft.com.au) -- C:\Windows\WEATHE~1.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 12:43:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2008/12/17 23:56:18 | 000,282,624 | ---- | M] (Leader Technologies) -- C:\Program Files\SpamMotel.exe
[2008/12/20 01:32:38 | 001,379,032 | ---- | M] () -- C:\Program Files\winvnc-sc.exe
[2009/01/06 05:39:40 | 001,378,924 | ---- | M] () -- C:\Program Files\winvnc-sc6.exe
[2008/12/18 17:23:15 | 000,169,420 | ---- | M] (UltraVnc) -- C:\Program Files\WinVNC.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/07 15:40:52 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 03:39:19

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
_______________________

So, basically I just need reassurance that there is nothing wrong, and also to find out what's up with this weird file structure on my system?

I also uploaded one of them to http://virscan.org and that found nothing either.

Here are a few examples of the files it found

\\?\\?\C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.6.0.32\AppleMobileDeviceSupport.msi

\\?\\\?\C:\Users\Judy\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TECHSMITH\Snagit\Thumbnails\LineProp 10.0.0 166.thumb

\\?\\\?\C:\Users\Judy\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Yahoo\Widget Engine\Unzipped\IceTV_Remote.widget\__MACOSX\IceTV.widget\Contents\images\channels\._sbs.png
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP