1) It redirects my site selections to yellowpages.com and a few other, stranger sites. This occurs across multiple browsers, including Firefox, IE, and Google Chrome.
2) Within minutes of restarting, it reduces my windows to the style of Windows Classic. The selection for Vista's default style disappears in Appearance.
3) My Internet privacy setting that blocks cookies is reduced to "accept all cookies" without my command.
4) Also just received an AVG block titled "Exploit Blackhole Exploit kit type 1889"
I have already tried running Malwarebytes, AVG, and Spybot, even in safe mode, without results. Any ideas on how to address this would be most appreciated.
OTL logfile created on: 9/6/2011 7:25:17 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Jeremy\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 40.96% Memory free
6.22 Gb Paging File | 4.34 Gb Available in Paging File | 69.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 28.95 Gb Free Space | 12.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.47 Gb Free Space | 64.67% Space Free | Partition Type: NTFS
Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/06 19:16:25 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Jeremy\Downloads\OTL.com
PRC - [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/08/22 16:41:14 | 003,126,944 | ---- | M] () -- C:\Windows\Downloaded Program Files\CONFLICT.120\FP_AX_CAB_INSTALLER.exe
PRC - [2011/08/22 16:41:14 | 003,126,944 | ---- | M] () -- C:\Windows\Downloaded Program Files\CONFLICT.119\FP_AX_CAB_INSTALLER.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/11 16:43:10 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/06/10 02:51:59 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/01/20 04:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/03 07:28:23 | 000,400,440 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 07:28:22 | 004,118,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 07:26:51 | 000,104,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 07:26:49 | 000,203,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 07:26:48 | 001,846,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 05:35:01 | 006,338,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/08/15 12:00:28 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011/07/09 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/08 22:59:38 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011/07/16 12:55:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/16 12:55:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/06/09 22:44:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/09 00:03:00 | 010,337,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/06/21 17:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/13 13:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/19 11:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 11:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/09 08:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 13:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 21:59:49 | 000,000,000 | ---D | M]
[2011/06/09 22:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions
[2011/09/01 11:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions
[2011/07/16 11:46:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/23 04:39:18 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/08/05 20:59:34 | 000,002,057 | ---- | M] () -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\e20o1992.default\searchplugins\youtube-video-search.xml
[2011/09/06 13:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/19 15:40:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/10 01:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/24 11:34:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
() (No name found) -- C:\USERS\JEREMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E20O1992.DEFAULT\EXTENSIONS\[email protected]
[2011/06/11 03:01:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/03 01:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/24 11:34:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: unt.edu ([ecampus] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{761996B7-DC62-4CDB-B3F6-26E264271058}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{227b5fd3-9306-11e0-9e35-001d0986a113}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell - "" = AutoRun
O33 - MountPoints2\{37f899f0-9c15-11e0-89c3-001d0986a113}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/06 11:35:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/06 00:35:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/09/06 00:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/06 00:35:01 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/05 15:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/05 15:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/09/05 15:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/09/05 01:05:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1C Company
[2011/09/04 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\1C Company
[2011/09/03 10:16:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\Electronic Arts
[2011/09/01 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Saxons
[2011/09/01 18:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur - The Role-playing Wargame The Druids
[2011/09/01 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\NeocoreGames
[2011/09/01 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\King Arthur - The Role-playing Wargame
[2011/09/01 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/09/01 12:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/09/01 11:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/09/01 08:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/31 16:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/08/30 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/08/30 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2011/08/30 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2011/08/26 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/26 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/08/26 23:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso Media
[2011/08/26 08:15:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Old stuff
[2011/08/25 10:26:48 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Immigration stuff
[2011/08/25 10:08:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Methods
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Quant
[2011/08/25 10:08:43 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1040
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Theory
[2011/08/25 10:08:42 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\1050
[2011/08/25 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Extra
[2011/08/25 04:32:45 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Documents\TurningPoint
[2011/08/25 04:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/08/25 04:30:23 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turning Technologies, LLC
[2011/08/25 04:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Turning Technologies
[2011/08/25 04:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Turning Technologies
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011/08/24 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011/08/24 11:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Netscape
[2011/08/23 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Netscape
[2011/08/23 14:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2011/08/18 09:22:04 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\Desktop\Stata11
[2011/08/17 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Facebook
[2011/08/15 11:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/15 11:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/08/15 11:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/08/15 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/08/15 11:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/08/15 11:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/08/15 11:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/08/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011/08/15 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Microsoft Help
[2011/08/15 11:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/12 15:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/12 15:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/11 22:38:29 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Local\Fallout3
[2011/08/11 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2011/08/10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\HpUpdate
[2011/08/10 21:18:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011/08/08 23:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2011/08/08 05:32:02 | 000,000,000 | R--D | C] -- C:\Users\Jeremy\Dropbox
[2011/08/08 05:31:19 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/08/08 05:30:08 | 000,000,000 | ---D | C] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/10 01:33:43 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Jeremy\AppData\Roaming\3B5IMICQOG.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/06 19:14:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 19:14:17 | 000,003,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 19:07:34 | 000,644,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/06 19:07:34 | 000,120,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/06 19:02:57 | 000,001,081 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | M] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/06 18:59:04 | 131,299,828 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/06 18:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/06 18:54:59 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/06 18:54:59 | 000,055,925 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/06 18:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 13:27:03 | 000,000,872 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 11:46:44 | 123,195,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/06 08:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/06 08:09:14 | 000,002,571 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/09/06 00:35:06 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:58:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/05 15:00:05 | 000,000,911 | ---- | M] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | M] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 22:31:57 | 000,013,312 | ---- | M] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 12:03:59 | 000,001,023 | ---- | M] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | M] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 14:30:44 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/09/02 22:31:53 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄtÄt
[2011/09/01 08:02:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄUÄU
[2011/08/31 16:22:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄlÄl
[2011/08/26 23:25:34 | 000,000,975 | ---- | M] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 12:48:27 | 000,018,145 | ---- | M] () -- C:\Users\Jeremy\Desktop\Weekly Planner.ods
[2011/08/25 09:03:43 | 001,222,534 | ---- | M] () -- C:\Users\Jeremy\Desktop\eating-well-with-no-time-and-no-money.pdf
[2011/08/25 04:30:24 | 000,002,058 | ---- | M] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 02:41:41 | 000,002,613 | ---- | M] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ÄÄ
[2011/08/25 00:05:52 | 000,000,945 | ---- | M] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/24 23:14:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ä8Ä8
[2011/08/24 23:11:49 | 000,405,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/19 07:15:17 | 000,001,178 | ---- | M] () -- C:\Users\Jeremy\Desktop\RPGs.lnk
[2011/08/18 13:04:44 | 000,001,272 | ---- | M] () -- C:\Users\Jeremy\Desktop\Academic books.lnk
[2011/08/15 12:00:28 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/08/13 20:53:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Ä6Ä6
[2011/08/12 15:01:04 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/11 22:10:50 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/08/09 08:41:07 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/08 05:32:02 | 000,000,944 | ---- | M] () -- C:\Users\Jeremy\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/06 19:02:57 | 000,001,081 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/06 19:02:57 | 000,001,057 | ---- | C] () -- C:\Users\Jeremy\Desktop\Spybot - Search & Destroy.lnk
[2011/09/06 13:27:03 | 000,000,872 | ---- | C] () -- C:\Users\Jeremy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/06 13:27:03 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/06 13:22:46 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/06 11:46:25 | 123,195,470 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/06 00:35:06 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/05 18:43:46 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
[2011/09/05 15:00:05 | 000,000,911 | ---- | C] () -- C:\Users\Jeremy\Desktop\Universal Extractor.lnk
[2011/09/05 01:05:24 | 000,001,167 | ---- | C] () -- C:\Users\Jeremy\Desktop\Space Rangers 2 - Reboot Add-on.lnk
[2011/09/04 12:03:59 | 000,001,023 | ---- | C] () -- C:\Users\Jeremy\Desktop\kb - Shortcut.lnk
[2011/09/03 15:22:40 | 000,001,092 | ---- | C] () -- C:\Users\Jeremy\Desktop\King Arthur - The Role-playing Wargame The Saxons.lnk
[2011/09/03 08:57:39 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk
[2011/09/01 11:48:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄtÄt
[2011/09/01 08:02:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄUÄU
[2011/08/31 16:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄlÄl
[2011/08/26 23:25:34 | 000,000,975 | ---- | C] () -- C:\Users\Jeremy\Desktop\Tropico4 - Shortcut.lnk
[2011/08/25 09:03:43 | 001,222,534 | ---- | C] () -- C:\Users\Jeremy\Desktop\eating-well-with-no-time-and-no-money.pdf
[2011/08/25 04:30:24 | 000,002,058 | ---- | C] () -- C:\Users\Jeremy\Desktop\TurningPoint 2008.lnk
[2011/08/25 00:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ÄÄ
[2011/08/24 23:53:18 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/24 23:14:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ä8Ä8
[2011/08/17 14:33:45 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/08/17 14:33:42 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/08/15 11:59:31 | 000,002,613 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Word 2010.lnk
[2011/08/15 11:58:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/08/15 11:30:06 | 000,002,571 | ---- | C] () -- C:\Users\Jeremy\Desktop\Microsoft Excel 2010.lnk
[2011/08/13 20:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Ä6Ä6
[2011/08/12 15:01:04 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/08 05:32:02 | 000,000,944 | ---- | C] () -- C:\Users\Jeremy\Desktop\Dropbox.lnk
[2011/07/19 13:06:44 | 000,157,395 | ---- | C] () -- C:\Windows\hpoins27.dat
[2011/07/19 13:06:44 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2011/07/16 12:55:45 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/07/16 12:55:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/07/13 01:10:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/06/29 20:29:42 | 000,022,328 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\PnkBstrK.sys
[2011/06/29 20:29:22 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/06/29 20:29:19 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/29 20:29:19 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/06/28 16:38:06 | 000,061,440 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2011/06/24 03:09:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/24 03:09:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/21 00:38:12 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011/06/21 00:38:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011/06/21 00:38:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011/06/19 14:54:05 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/06/12 17:08:05 | 000,000,295 | ---- | C] () -- C:\Windows\Sierra.ini
[2011/06/09 23:33:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/09 22:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/09 21:21:05 | 000,000,000 | ---- | C] () -- C:\Users\Jeremy\AppData\Roaming\wklnhst.dat
[2011/06/08 14:16:10 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/08 14:16:09 | 000,055,925 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/08 03:02:39 | 000,000,552 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d8caps.dat
[2011/06/08 02:49:26 | 000,013,312 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 02:41:36 | 000,000,680 | ---- | C] () -- C:\Users\Jeremy\AppData\Local\d3d9caps.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/09/04 05:16:00 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,405,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,644,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/09/04 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Academagia
[2011/06/29 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\acccore
[2011/06/09 23:30:31 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\AVG10
[2011/09/06 11:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 11:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Dropbox
[2011/06/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\EuroTalk
[2011/06/23 15:52:48 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Foxit Software
[2011/08/26 23:27:10 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Kalypso Media
[2011/06/12 21:35:26 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Leadertech
[2011/07/03 14:39:00 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Lionhead Studios
[2011/07/26 12:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\LucasArts
[2011/06/29 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\MusE
[2011/08/23 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Netscape
[2011/06/10 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\OpenOffice.org
[2011/09/05 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Remote
[2011/08/02 14:42:14 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\ScummVM
[2011/06/23 14:17:35 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\TechWizard
[2011/06/09 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Template
[2011/09/06 01:48:25 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Tropico 4
[2011/08/25 04:36:09 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\Turning Technologies
[2011/07/24 04:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\UDP Software
[2011/09/06 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\uTorrent
[2011/06/25 13:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jeremy\AppData\Roaming\WordWeb
[2011/09/05 15:58:02 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000Core.job
[2011/09/06 18:58:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1459413813-269195189-3691727679-1000UA.job
[2011/09/06 19:01:32 | 000,023,958 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Edited by retired_deer, 06 September 2011 - 07:42 PM.