Right click on icons malfunction
Started by
acajelen
, Oct 23 2011 04:42 PM
#16
Posted 31 October 2011 - 07:02 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
#17
Posted 31 October 2011 - 07:06 PM
SweetTech
-
- Retired Staff
-
- 7,671 posts
Sir SpamAlot
Can you provide me with some more details in regards to what you're referring to and/or provide screenshots for me.Just to add something. I've opened my doc. and found a lot of strange files like Blo8Vx_cfdg.exe, HdW2Bh_cfdg.exe.. And a lot of folders on C:/ are "visible hidden", and there is a lot of new icons with strange name..
Please take a screenshot of that window.
- You can do this by pressing the PrintScreen key.
- Then go to Start > All Programs > Accessories > Paint
- In Paint, go up to Edit > Paste
- Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it where you want.
- Then click Reply in this topic.
- Scroll down to Attachments.
- Click the Browse button.
- Locate the file you just saved, click on it, then click Open.
- Click Upload and submit the reply.
#18
Posted 31 October 2011 - 07:22 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
here iit is
Attached Thumbnails
#19
Posted 31 October 2011 - 07:23 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
d
Attached Thumbnails
#20
Posted 31 October 2011 - 07:24 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
more
Attached Thumbnails
#21
Posted 31 October 2011 - 07:26 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
there is more but I think that this is enough. BTw System volume information is something that I saw a lot of times during scaning with the Avast. That is virus for sure
Attached Thumbnails
#22
Posted 01 November 2011 - 04:43 AM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8059
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1.11.2011 11:42:37
mbam-log-2011-11-01 (11-42-37).txt
Scan type: Quick scan
Objects scanned: 153752
Time elapsed: 1 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Master\my documents\downloads\downloadsetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
www.malwarebytes.org
Database version: 8059
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1.11.2011 11:42:37
mbam-log-2011-11-01 (11-42-37).txt
Scan type: Quick scan
Objects scanned: 153752
Time elapsed: 1 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\Master\my documents\downloads\downloadsetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
#23
Posted 01 November 2011 - 06:10 AM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
C:\Documents and Settings\Master\My Documents\Downloads\Programcici\registrybooster.exe a variant of Win32/RegistryBooster application
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CntntCntr.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AD application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071473.dll a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071474.dll a variant of Win32/Adware.Toolbar.Shopper.AD application
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CntntCntr.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AD application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071473.dll a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071474.dll a variant of Win32/Adware.Toolbar.Shopper.AD application
#24
Posted 01 November 2011 - 06:12 AM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
#25
Posted 01 November 2011 - 12:07 PM
SweetTech
-
- Retired Staff
-
- 7,671 posts
Sir SpamAlot
Hi!
Those files are usually hidden, and should be reset back to it's default value (to hidden) when we clean-up our tools later on.
Thanks for the screenshot of those weird files. I'm going to kill them.
C:\Documents and Settings\Master\My Documents\Bl08Vx_cfdg.exe
C:\Documents and Settings\Master\My Documents\HdW2Bh_cfdg.exe
C:\Documents and Settings\Master\My Documents\Vwq3Ls_cfdg.exe
C:\Documents and Settings\Master\My Documents\WjB4C9_cfdg.exe
Do you recognize those Golden-Axe files?
Those files are usually hidden, and should be reset back to it's default value (to hidden) when we clean-up our tools later on.
Thanks for the screenshot of those weird files. I'm going to kill them.
C:\Documents and Settings\Master\My Documents\Bl08Vx_cfdg.exe
C:\Documents and Settings\Master\My Documents\HdW2Bh_cfdg.exe
C:\Documents and Settings\Master\My Documents\Vwq3Ls_cfdg.exe
C:\Documents and Settings\Master\My Documents\WjB4C9_cfdg.exe
Do you recognize those Golden-Axe files?
#26
Posted 01 November 2011 - 12:44 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
Do you recognize those Golden-Axe files?
Lol
That is a game from SEGa file. That is not virus for sure.What should I do next?
#27
Posted 01 November 2011 - 12:48 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
Btw, I want to thank U for your effort and patience.
#28
Posted 01 November 2011 - 01:02 PM
SweetTech
-
- Retired Staff
-
- 7,671 posts
Sir SpamAlot
Hi!
No problem!
These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.
____________________________________________________
From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.
Lets address those programs that need updating now!
Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.
OTL Fix
We need to run an OTL Fix
NEXT:
No Anti-Virus Present
Looking over your log it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
NEXT:
OTL Custom Scan
We need to run an OTL Custom Scan
NEXT:
What outstanding issues (if any) are you still experiencing with your computer?
No problem!
These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CntntCntr.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AD application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071473.dll a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\System Volume Information\_restore{A516F37D-190B-48BB-94B3-76D716BBFB6A}\RP446\A0071474.dll a variant of Win32/Adware.Toolbar.Shopper.AD application
____________________________________________________
From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.
Lets address those programs that need updating now!
Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.
OTL Fix
We need to run an OTL Fix
- Please reopen
on your desktop. - Copy and Paste the following code into the
textbox.
:Services :OTL :Reg :Files C:\Documents and Settings\Master\My Documents\Bl08Vx_cfdg.exe C:\Documents and Settings\Master\My Documents\HdW2Bh_cfdg.exe C:\Documents and Settings\Master\My Documents\Vwq3Ls_cfdg.exe C:\Documents and Settings\Master\My Documents\WjB4C9_cfdg.exe C:\Documents and Settings\Master\My Documents\Firefox Setup 3.6.6.exe ipconfig /flushdns /c :Commands [purity] [resethosts] [CreateRestorePoint] [emptytemp] [EMPTYFLASH]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click the OK button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
NEXT:
No Anti-Virus Present
Looking over your log it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
NEXT:
OTL Custom Scan
We need to run an OTL Custom Scan
- Please reopen on your desktop.
- Copy and Paste the following code into the textbox.
netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Push the
button. - A report will open. Copy and Paste that report in your next reply.
NEXT:
What outstanding issues (if any) are you still experiencing with your computer?
#29
Posted 01 November 2011 - 03:55 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
Why shouldn't I use Avg? I already have it and it found 5 viruses that AVASt6 couldn't?
#30
Posted 01 November 2011 - 03:56 PM
acajelen
- Topic Starter
-
- Member
-
- 44 posts
Member
OTL logfile created on: 1.11.2011 22:48:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,78% Memory free
4,84 Gb Paging File | 4,32 Gb Available in Paging File | 89,21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 2,41 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 2,03 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.10.27 02:45:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\My Documents\Downloads\OTL.exe
PRC - [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.24 17:57:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.06 15:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
PRC - [2007.06.01 09:51:34 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007.06.01 09:49:20 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007.06.01 09:45:00 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007.01.18 13:48:42 | 002,752,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.01.16 09:53:08 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.01.12 22:14:34 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.01.12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.10.31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.02.06 22:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.14 10:58:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 13:31:42 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
MOD - [2010.05.27 09:00:00 | 003,822,592 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2009.11.27 18:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.04.14 13:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008.04.14 13:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008.04.14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.06 15:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
MOD - [2007.10.12 14:16:02 | 000,032,768 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\hodll.dll
MOD - [2007.06.01 09:44:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.04.25 09:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.07.22 20:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004.10.14 09:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (avast! Firewall)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007.02.12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006.10.31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
========== Driver Services (SafeList) ==========
DRV - [2011.09.06 21:38:54 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.13 17:24:40 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007.10.16 11:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.06.21 03:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007.05.29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.04.03 09:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007.04.02 15:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.11.30 18:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006.11.22 15:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.27 23:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.10.05 15:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2006.06.29 06:13:08 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2304157
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYRS&&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.14 10:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 13:40:39 | 000,000,000 | ---D | M]
[2010.06.27 16:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Extensions
[2011.10.29 17:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions
[2011.10.13 13:09:20 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.10.13 13:09:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.04.17 12:50:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.10.20 15:01:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.11.01 01:39:24 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\askcom.xml
[2011.10.29 17:36:52 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\avg-secure-search.xml
[2010.06.08 10:30:04 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\conduit.xml
[2011.04.24 18:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.30 19:14:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.14 10:58:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.14 10:58:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2011.11.01 22:36:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AveoSTI.exe] C:\Program Files\AVEO\AveoCap\AveoSTI.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Master\Start Menu\Programs\Startup\Xfire.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66AB7118-19C3-456D-840D-F2DB85B5DE6A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 08:13:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
========== Files/Folders - Created Within 30 Days ==========
[2011.11.01 22:36:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.01 12:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.01 11:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\Malwarebytes
[2011.11.01 11:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 11:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.11.01 11:35:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.01 11:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.01 02:01:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.11.01 01:09:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.10.31 20:37:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.10.31 20:06:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.10.31 20:06:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.10.31 20:06:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.10.31 20:06:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.10.31 20:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.10.29 17:38:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.10.29 17:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.10.29 17:29:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Administrative Tools
[2011.10.29 17:26:19 | 004,277,063 | R--- | C] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011.10.23 18:31:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.10.23 17:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\AVG2012
[2011.10.23 17:40:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011.10.23 17:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011.10.23 17:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.10.23 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.10.23 17:00:06 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011.10.23 16:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CAPCOM
[2011.10.23 16:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Westwood
[2011.10.23 16:55:55 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011.10.23 13:37:08 | 000,000,000 | ---D | C] -- C:\Westwood
[2011.10.23 13:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DAEMON Tools Pro
[2011.10.23 13:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011.10.18 23:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
========== Files - Modified Within 30 Days ==========
[2011.11.01 22:52:55 | 000,123,606 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011.11.01 22:52:54 | 000,123,606 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011.11.01 22:49:03 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.01 22:42:59 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.01 22:42:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.01 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.11.01 11:35:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.11.01 11:35:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 02:14:34 | 000,064,364 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\sistem volume..2.JPG
[2011.11.01 02:12:16 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\sistem volume...bmp
[2011.10.31 20:40:36 | 000,002,538 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.10.31 20:37:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.10.31 10:22:00 | 000,436,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.31 10:22:00 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.31 10:20:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.29 19:31:02 | 000,139,924 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\691bb4240bcc557b54fec3b4b5073147.gif
[2011.10.29 17:26:34 | 004,277,063 | R--- | M] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011.10.27 19:52:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.10.27 02:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gmer.exe
[2011.10.26 02:51:12 | 000,051,635 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 02:50:44 | 000,402,244 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 02:48:34 | 000,037,141 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 02:39:44 | 000,776,514 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 02:38:54 | 000,043,194 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.23 17:56:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.10.23 17:00:03 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 17:00:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.10.23 17:00:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.10.23 16:48:19 | 000,033,222 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 12:22:22 | 000,052,939 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 12:22:06 | 000,054,782 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 12:21:53 | 000,047,328 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 12:21:28 | 000,048,776 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 12:09:27 | 000,049,774 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 12:09:16 | 000,046,860 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 12:07:34 | 000,043,722 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 13:16:07 | 000,034,037 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 13:15:33 | 000,038,454 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 20:19:49 | 000,273,418 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 03:12:35 | 000,098,477 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 16:40:33 | 000,106,800 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 16:40:25 | 000,012,519 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 12:56:48 | 000,172,581 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 12:55:57 | 000,117,665 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 12:55:19 | 000,362,376 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 03:07:31 | 000,024,914 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 02:57:50 | 000,076,307 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.18 23:06:04 | 000,026,009 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 20:35:48 | 000,223,397 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 00:54:37 | 000,164,507 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 00:48:34 | 000,198,310 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 02:37:46 | 000,009,991 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 02:36:12 | 000,034,260 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 11:12:24 | 000,901,586 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 11:09:22 | 000,460,890 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 21:24:28 | 000,024,845 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 01:51:13 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 22:09:56 | 002,092,588 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 22:09:37 | 000,093,848 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 22:05:10 | 000,023,761 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 14:25:30 | 000,049,143 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 14:22:41 | 000,486,178 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 14:18:51 | 000,038,015 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 14:18:20 | 001,175,877 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 14:10:37 | 000,063,678 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 13:57:40 | 000,028,436 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 04:31:15 | 000,025,258 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 04:30:47 | 000,036,036 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 00:17:52 | 000,073,283 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
========== Files Created - No Company Name ==========
[2011.11.01 11:35:19 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.11.01 11:35:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 02:14:34 | 000,064,364 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\sistem volume..2.JPG
[2011.11.01 02:12:15 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\sistem volume...bmp
[2011.10.31 20:37:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.10.31 20:37:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.10.31 20:06:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.10.31 20:06:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.10.31 20:06:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.10.31 20:06:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.10.31 20:06:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.10.29 19:31:01 | 000,139,924 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\691bb4240bcc557b54fec3b4b5073147.gif
[2011.10.26 02:51:11 | 000,051,635 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 02:50:44 | 000,402,244 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 02:48:32 | 000,037,141 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 02:39:43 | 000,776,514 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 02:38:39 | 000,043,194 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.23 17:00:03 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 16:59:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011.10.23 16:59:57 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011.10.23 16:48:18 | 000,033,222 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 12:22:21 | 000,052,939 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 12:22:05 | 000,054,782 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 12:21:52 | 000,047,328 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 12:21:28 | 000,048,776 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 12:09:27 | 000,049,774 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 12:09:16 | 000,046,860 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 12:07:33 | 000,043,722 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 13:16:06 | 000,034,037 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 13:15:33 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 20:19:48 | 000,273,418 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 03:12:34 | 000,098,477 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 16:40:32 | 000,106,800 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 16:40:23 | 000,012,519 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 12:56:47 | 000,172,581 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 12:55:57 | 000,117,665 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 12:55:18 | 000,362,376 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 03:07:30 | 000,024,914 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 02:57:49 | 000,076,307 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.18 23:06:03 | 000,026,009 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 20:35:47 | 000,223,397 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 00:54:36 | 000,164,507 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 00:48:32 | 000,198,310 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 02:37:45 | 000,009,991 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 02:36:10 | 000,034,260 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 11:12:23 | 000,901,586 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 11:09:22 | 000,460,890 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 21:24:27 | 000,024,845 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 01:51:12 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 22:09:55 | 002,092,588 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 22:09:37 | 000,093,848 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 22:05:04 | 000,023,761 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 14:25:30 | 000,049,143 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 14:22:40 | 000,486,178 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 14:18:51 | 000,038,015 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 14:18:19 | 001,175,877 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 14:10:36 | 000,063,678 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 13:57:39 | 000,028,436 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 04:31:15 | 000,025,258 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 04:30:46 | 000,036,036 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 00:17:50 | 000,073,283 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
[2011.07.16 23:51:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\Res2_uninst.exe
[2011.04.16 17:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.12.15 22:23:15 | 000,717,097 | ---- | C] () -- C:\WINDOWS\RON 2010 ENGLISH DL Uninstaller.exe
[2010.07.09 02:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.27 16:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.25 19:36:15 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.25 10:06:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.25 10:06:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.25 10:06:26 | 003,315,712 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010.06.25 10:06:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.25 09:59:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.25 09:58:48 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.25 09:58:30 | 000,002,538 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.06.25 08:44:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2010.06.25 08:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010.06.25 08:39:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.06.25 08:28:52 | 000,123,606 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010.06.25 08:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.25 08:10:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,069,076 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.06.20 05:21:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.20 05:21:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.06.20 05:21:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.20 05:21:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.06.20 05:21:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.20 05:21:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.20 05:21:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.06.20 05:21:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
========== LOP Check ==========
[2010.06.25 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011.10.29 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010.06.25 10:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011.10.23 17:40:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011.10.23 13:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011.10.29 17:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.02.04 03:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\123 Free Solitaire
[2010.08.16 03:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\AskToolbar
[2011.10.23 17:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\AVG2012
[2010.06.25 10:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Canneverbe Limited
[2011.10.23 16:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DAEMON Tools Pro
[2011.10.23 16:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\uTorrent
[2011.11.01 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\google\chrome\application\chrome.exe" [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Master\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000081A | Country: Serbia and Montenegro | Language: SRL | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 76,78% Memory free
4,84 Gb Paging File | 4,32 Gb Available in Paging File | 89,21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 2,41 Gb Free Space | 4,93% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 2,03 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.10.27 02:45:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Master\My Documents\Downloads\OTL.exe
PRC - [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.24 17:57:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.06 15:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
PRC - [2007.06.01 09:51:34 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007.06.01 09:49:20 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007.06.01 09:45:00 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007.02.12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007.01.18 13:48:42 | 002,752,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007.01.16 09:53:08 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007.01.12 22:14:34 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007.01.12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.10.31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.10.27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.02.06 22:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
========== Modules (No Company Name) ==========
MOD - [2011.10.14 10:58:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 13:31:42 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
MOD - [2010.05.27 09:00:00 | 003,822,592 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2009.11.27 18:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008.04.14 13:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008.04.14 13:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008.04.14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.06 15:57:50 | 000,024,576 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\AveoSTI.exe
MOD - [2007.10.12 14:16:02 | 000,032,768 | ---- | M] () -- C:\Program Files\AVEO\AveoCap\hodll.dll
MOD - [2007.06.01 09:44:36 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007.04.25 09:55:40 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.07.22 20:30:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004.10.14 09:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (avast! Firewall)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2007.02.12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006.10.31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
========== Driver Services (SafeList) ==========
DRV - [2011.09.06 21:38:54 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.13 17:24:40 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2007.10.16 11:38:30 | 004,615,168 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.19 14:44:46 | 000,101,504 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.06.21 03:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007.05.29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.04.03 09:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007.04.02 15:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006.11.30 18:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006.11.22 15:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.10.27 23:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.10.05 15:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2006.06.29 06:13:08 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2304157
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.517.0
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYRS&&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.14 10:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 13:40:39 | 000,000,000 | ---D | M]
[2010.06.27 16:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Extensions
[2011.10.29 17:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions
[2011.10.13 13:09:20 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.10.13 13:09:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.04.17 12:50:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.10.20 15:01:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\extensions\[email protected]
[2011.11.01 01:39:24 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\askcom.xml
[2011.10.29 17:36:52 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\avg-secure-search.xml
[2010.06.08 10:30:04 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\8rnm7nvv.default\searchplugins\conduit.xml
[2011.04.24 18:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.30 19:14:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.14 10:58:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.14 10:58:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2011.11.01 22:36:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AveoSTI.exe] C:\Program Files\AVEO\AveoCap\AveoSTI.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Master\Start Menu\Programs\Startup\Xfire.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66AB7118-19C3-456D-840D-F2DB85B5DE6A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Master\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 08:13:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
========== Files/Folders - Created Within 30 Days ==========
[2011.11.01 22:36:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.01 12:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.01 11:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\Malwarebytes
[2011.11.01 11:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 11:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.11.01 11:35:16 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.01 11:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.01 02:01:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.11.01 01:09:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.10.31 20:37:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.10.31 20:06:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.10.31 20:06:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.10.31 20:06:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.10.31 20:06:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.10.31 20:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.10.29 17:38:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.10.29 17:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.10.29 17:29:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Administrative Tools
[2011.10.29 17:26:19 | 004,277,063 | R--- | C] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011.10.23 18:31:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2011.10.23 17:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\AVG2012
[2011.10.23 17:40:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011.10.23 17:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011.10.23 17:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.10.23 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.10.23 17:00:06 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2011.10.23 16:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CAPCOM
[2011.10.23 16:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Start Menu\Programs\Westwood
[2011.10.23 16:55:55 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2011.10.23 13:37:08 | 000,000,000 | ---D | C] -- C:\Westwood
[2011.10.23 13:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Master\Application Data\DAEMON Tools Pro
[2011.10.23 13:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011.10.18 23:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
========== Files - Modified Within 30 Days ==========
[2011.11.01 22:52:55 | 000,123,606 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011.11.01 22:52:54 | 000,123,606 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011.11.01 22:49:03 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.01 22:42:59 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.01 22:42:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.01 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.11.01 11:35:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.11.01 11:35:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 02:14:34 | 000,064,364 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\sistem volume..2.JPG
[2011.11.01 02:12:16 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\sistem volume...bmp
[2011.10.31 20:40:36 | 000,002,538 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.10.31 20:37:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.10.31 10:22:00 | 000,436,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.31 10:22:00 | 000,069,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.31 10:20:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.29 19:31:02 | 000,139,924 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\691bb4240bcc557b54fec3b4b5073147.gif
[2011.10.29 17:26:34 | 004,277,063 | R--- | M] (Swearware) -- C:\Documents and Settings\Master\Desktop\ComboFix.exe
[2011.10.27 19:52:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011.10.27 02:29:50 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gmer.exe
[2011.10.26 02:51:12 | 000,051,635 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 02:50:44 | 000,402,244 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 02:48:34 | 000,037,141 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 02:39:44 | 000,776,514 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 02:38:54 | 000,043,194 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.23 17:56:19 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.10.23 17:00:03 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 17:00:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.10.23 17:00:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.10.23 16:48:19 | 000,033,222 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 12:22:22 | 000,052,939 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 12:22:06 | 000,054,782 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 12:21:53 | 000,047,328 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 12:21:28 | 000,048,776 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 12:09:27 | 000,049,774 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 12:09:16 | 000,046,860 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 12:07:34 | 000,043,722 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 13:16:07 | 000,034,037 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 13:15:33 | 000,038,454 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 20:19:49 | 000,273,418 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 03:12:35 | 000,098,477 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 16:40:33 | 000,106,800 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 16:40:25 | 000,012,519 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 12:56:48 | 000,172,581 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 12:55:57 | 000,117,665 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 12:55:19 | 000,362,376 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 03:07:31 | 000,024,914 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 02:57:50 | 000,076,307 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.18 23:06:04 | 000,026,009 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 20:35:48 | 000,223,397 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 00:54:37 | 000,164,507 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 00:48:34 | 000,198,310 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 02:37:46 | 000,009,991 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 02:36:12 | 000,034,260 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 11:12:24 | 000,901,586 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 11:09:22 | 000,460,890 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 21:24:28 | 000,024,845 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 01:51:13 | 000,157,296 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 22:09:56 | 002,092,588 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 22:09:37 | 000,093,848 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 22:05:10 | 000,023,761 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 14:25:30 | 000,049,143 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 14:22:41 | 000,486,178 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 14:18:51 | 000,038,015 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 14:18:20 | 001,175,877 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 14:10:37 | 000,063,678 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 13:57:40 | 000,028,436 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 04:31:15 | 000,025,258 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 04:30:47 | 000,036,036 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 00:17:52 | 000,073,283 | ---- | M] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
========== Files Created - No Company Name ==========
[2011.11.01 11:35:19 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.11.01 11:35:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 02:14:34 | 000,064,364 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\sistem volume..2.JPG
[2011.11.01 02:12:15 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\sistem volume...bmp
[2011.10.31 20:37:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.10.31 20:37:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.10.31 20:06:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.10.31 20:06:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.10.31 20:06:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.10.31 20:06:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.10.31 20:06:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.10.29 19:31:01 | 000,139,924 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\691bb4240bcc557b54fec3b4b5073147.gif
[2011.10.26 02:51:11 | 000,051,635 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gag_daysie.jpg
[2011.10.26 02:50:44 | 000,402,244 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\eliana dante tunde.jpg
[2011.10.26 02:48:32 | 000,037,141 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\149263590_Daysie_123_132lo.jpg
[2011.10.26 02:39:43 | 000,776,514 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anna parlax.jpg
[2011.10.26 02:38:39 | 000,043,194 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Sylvie De Luxe.jpg
[2011.10.23 17:00:03 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Master\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.10.23 16:59:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011.10.23 16:59:57 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2011.10.23 16:48:18 | 000,033,222 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\gapethatass___alicia_rhodes_481190.jpeg
[2011.10.23 12:22:21 | 000,052,939 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAyLmpwZw==.jpg
[2011.10.23 12:22:05 | 000,054,782 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTAxLmpwZw==.jpg
[2011.10.23 12:21:52 | 000,047,328 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA4LmpwZw==.jpg
[2011.10.23 12:21:28 | 000,048,776 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTE3LmpwZw==.jpg
[2011.10.23 12:09:27 | 000,049,774 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA5LmpwZw==.jpg
[2011.10.23 12:09:16 | 000,046,860 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA1LmpwZw==.jpg
[2011.10.23 12:07:33 | 000,043,722 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aHR0cDovL3d3dy5rYXJ1cHNwcy5jb20vNDE3L2JpZ2ltYWdlcy9pbWFnZTA0LmpwZw==.jpg
[2011.10.21 13:16:06 | 000,034,037 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\ANDREA DELLACASA.jpg
[2011.10.21 13:15:33 | 000,038,454 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\CATHERINE DEEE.jpg
[2011.10.20 20:19:48 | 000,273,418 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mary jane jonson.jpg
[2011.10.20 03:12:34 | 000,098,477 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Rachel in C0ll3g3 Rnl3s episode Wheel of Fun.jpg
[2011.10.19 16:40:32 | 000,106,800 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\shoot-myself-ex-girl-2-109.jpg
[2011.10.19 16:40:23 | 000,012,519 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\s-shoot-myself-ex-girl-2-109.jpg
[2011.10.19 12:56:47 | 000,172,581 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\paulina presley.jpg
[2011.10.19 12:55:57 | 000,117,665 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\julia parton.jpg
[2011.10.19 12:55:18 | 000,362,376 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\aidan layne.png
[2011.10.19 03:07:30 | 000,024,914 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mffgboi48w.jpeg
[2011.10.19 02:57:49 | 000,076,307 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_linnqlwTwz1qbz3i5.jpg
[2011.10.18 23:06:03 | 000,026,009 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\TB2hz99S.htm.part
[2011.10.18 20:35:47 | 000,223,397 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\1096883_shyra sheer.jpg
[2011.10.18 00:54:36 | 000,164,507 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\mazinha.jpg
[2011.10.18 00:48:32 | 000,198,310 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\angelica hart.jpg
[2011.10.16 02:37:45 | 000,009,991 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\th_687819325_BigTitsOnWebCam.avi_snapshot_06.16_2011.10.04_03.24.48_123_581lo.jpg
[2011.10.16 02:36:10 | 000,034,260 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\44.jpg
[2011.10.14 11:12:23 | 000,901,586 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\casie cruz.jpg
[2011.10.14 11:09:22 | 000,460,890 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\RubeGoldberg01.gif
[2011.10.13 21:24:27 | 000,024,845 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\arianna-sinn.jpg
[2011.10.13 01:51:12 | 000,157,296 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\rharucq97wtg.jpg
[2011.10.11 22:09:55 | 002,092,588 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\the blonde is Anastasia Braun, Babette, Bridget, Dolly, Laura, Nastja.gif
[2011.10.11 22:09:37 | 000,093,848 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\giovanni-aria-n-07.jpg
[2011.10.11 22:05:04 | 000,023,761 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\kali west.GIF
[2011.10.10 14:25:30 | 000,049,143 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\Francesa Frigo.JPG
[2011.10.10 14:22:40 | 000,486,178 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\anigif preview.gif
[2011.10.10 14:18:51 | 000,038,015 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\elizabeth marxs.jpg
[2011.10.10 14:18:19 | 001,175,877 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\wys09e02kgzl.jpg
[2011.10.10 14:10:36 | 000,063,678 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\tumblr_lshov0Ty321qeg2vro1_500.jpg
[2011.10.10 13:57:39 | 000,028,436 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\identify1.jpg
[2011.10.10 04:31:15 | 000,025,258 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\5.jpg
[2011.10.10 04:30:46 | 000,036,036 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\user130861pic.jpg
[2011.10.10 00:17:50 | 000,073,283 | ---- | C] () -- C:\Documents and Settings\Master\Desktop\120x120.gif
[2011.07.16 23:51:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\Res2_uninst.exe
[2011.04.16 17:51:16 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.12.15 22:23:15 | 000,717,097 | ---- | C] () -- C:\WINDOWS\RON 2010 ENGLISH DL Uninstaller.exe
[2010.07.09 02:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.27 16:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.25 19:36:15 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.25 10:06:32 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.25 10:06:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.25 10:06:26 | 003,315,712 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010.06.25 10:06:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.25 09:59:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.25 09:58:48 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.25 09:58:30 | 000,002,538 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.06.25 08:44:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\MFC_InstDrvDLL.dll
[2010.06.25 08:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010.06.25 08:39:38 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.06.25 08:28:52 | 000,123,606 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010.06.25 08:15:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.06.25 08:10:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,069,076 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.06.20 05:21:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.06.20 05:21:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.06.20 05:21:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.06.20 05:21:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.06.20 05:21:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.06.20 05:21:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.06.20 05:21:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.06.20 05:21:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
========== LOP Check ==========
[2010.06.25 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011.10.29 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010.06.25 10:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011.10.23 17:40:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011.10.23 13:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011.10.29 17:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.02.04 03:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\123 Free Solitaire
[2010.08.16 03:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\AskToolbar
[2011.10.23 17:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\AVG2012
[2010.06.25 10:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\Canneverbe Limited
[2011.10.23 16:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\DAEMON Tools Pro
[2011.10.23 16:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Master\Application Data\uTorrent
[2011.11.01 22:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\google\chrome\application\chrome.exe" [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011.10.14 10:58:33 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011.10.14 10:58:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009.03.08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009.03.08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
